GCHQ: I’m not charmed yet….

A little over a week ago, GCHQ gave us a show. A giant poppy, part of the 2014 Armistice Day appeal. It was spectacular – and, for me at least, more than a little creepy.

GCHQ poppy

The poppy display seems to have been part of something bigger: the term that immediately sprang to mind was ‘charm offensive’. GCHQ has, over the last year or so, been trying to charm us into seeing them as purely positive, despite the revelations of Edward Snowden. They’re trying to appear less secretive, more something to be admired and supported than something to be concerned about and made accountable. The poppy was an open symbol of that. Look at us, GCHQ seemed to be saying, we’re patriotic, positive, part of what makes this country great. Support us, don’t be worried about it. Love us.

I assume that the speech by Robert Hannigan, the new Director of GCHQ, was intended to be part of that charm offensive. For me, however, it had precisely the opposite effect. The full speech was published in the FT here – but I wanted to pick out a few points.

Privacy an absolute right?

The first, which made the headlines in the Guardian and elsewhere, is Hannigan’s statement that ‘privacy is not an absolute right’. He’s right – but we all know that, even the staunchest of privacy advocates. Privacy is a right held in balance with other rights and needs – with freedom of expression, for example, when looking at press intrusions, with the duty of governments to provide security and so forth. That’s explicitly recognised in all the relevant human rights documents – in Article 8 of the European Convention of Human Rights, for example, it says of the right to a private life that:

“There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”

So we already know that privacy is not an absolute right – so why is Hannigan making the point? It’s hard to see this as anything but disingenuous – almost as though he wants to imply that foolish privacy advocates want to help terrorists by demanding absolute privacy. We don’t. Absolutely we don’t. What we want is to have an appropriate balance, for the interference in our privacy to be lawful, proportionate and accountable. At the moment, it’s not at all clear that any of that is true – there are legal challenges to the surveillance, deep doubts as to its proportionality and little evidence that those undertaking the surveillance are properly accountable. On the accountability front, it’s interesting that he should make such a speech at a time when the Intelligence and Security Committee of Parliament, are undertaking a consultation – it made me wonder whether he’s trying to steer the committee in a particular direction.

Facebook – a tool for terrorists?

The other headline from the speech is the way Hannigan seems to be attacking Facebook and others for being too helpful to terrorists – which is an interesting reverse from the more commonly held view that they’re too helpful to the authorities. The argument seems to go that the ‘old’ forms of terrorists, exemplified by Al Qaeda, use the ‘dark web’, while the ‘new’ forms of terrorists, exemplified by IS, are using the social media – Facebook, Twitter and so forth. It’s an interesting point – and I’m sure there’s something in it. There’s no doubt that ‘bad guys’ do use what’s loosely called the dark web – and the social media activities of ‘bad guys’ all around the world are out there for all to see. Indeed, that’s the point – their visibility is the point. However, on the face of it, neither of those ‘facts’ support the need for the authorities to have better, more direct access to Facebook and so forth. Neither, on the face of it, is any justification for the kinds of mass data gathering and surveillance that seem to be going on – and that GCHQ and others seem to be asking us to approve.

By its very nature, the ‘dark web’ is not susceptible to mass surveillance and data gathering – so requires a more intelligent, targeted approach, something which privacy advocates would and do have no objection to. Social media – and Facebook in particular – don’t need mass surveillance either. To a great extent Facebook is mass surveillance. All that information is out there – that’s the point. It’s available for analysis, for aggregation, for pretty much whatever the authorities want it. And if Hannigan imagines that the secret activities of IS and others are undertaken on Facebook he’s more naive than I could imagine anyone in the intelligence services could be – they can’t have chosen to use Facebook and Twitter instead of using the dark web, but in addition to it. The secret stuff is still secret. The stuff on Facebook and Twitter is out there for all to see.

What’s more, there are already legal ways to access those bits of Facebook and Twitter than are not public – which is why the authorities already request that data on a massive scale.

Charming – or disarming?

Hannigan must know all of this – so why is he saying it? Does he think that the charm offensive has already worked, and that the giant GCHQ poppy has convinced us all that they’re wonderful, patriotic and entirely trustworthy? They may well be – I’m no conspiracy theorist, and suspect that they’re acting in good faith. That, however, is not the point. Trust isn’t enough here. We need accountability, we need transparency, we need honesty. Checks and balances. Not just charm.

Politics, surveillance and trust….

ThemistoclesThemistocles grinned; it made me like him. “There you see it – that’s how we do it here. Among you Medes, I’m told, there are many men so honorable that everyone trusts them. We’re not like that at all – we never trust one another. So what we do instead is make sure that each side’s represented, so that every rascal’s got two worse looking over his shoulder.”

Gene Wolfe, Soldier of Arete.

I’ve always liked those words, put into the mouth of Themistocles by Gene Wolfe. Soldier of Arete is one of my favourite books – giving a very different perspective on the Ancient Greeks. Wolfe tries (and for me succeeds) to give a sense of what life might really have been like – not a place of divine nobility or unattainable grace, but a place inhabited by real people. Themistocles was one of the most successful of Athenian generals and politicians – someone around at the early days of what we these days call democracy. Wolfe’s version of Themistocles is a very much a likeable character, and a very grounded one. His view of democracy, of honour and of trust is one that seems both very real and very appropriate even for these days. Honour and trust are all very well, but for things to work well, we always need someone looking over people’s shoulders.

That’s particularly relevant to surveillance. ‘Quis custodiet ipsos custodes?’, to borrow another classical source. Who watches the watchmen? At the Intelligence and Security Committee ’round table’ sessions on Tuesday (about which I wrote here) it was one of the key issues – as were the issues of honour and trust. The first question that Sir Malcolm Rifkind asked at our table was whether we thought the intelligence services acted with ‘good faith’. I understood him to mean, essentially, whether we trusted them. Whether we thought they were honourable people. My answer was that I did think they were acting in good faith – but that that is not enough. I’m not like the Mede with which Themistocles was talking in Soldier of Arete, who thought some people are so honourable that they can be trusted completely. Good faith is a good start, but it’s not nearly enough. Limits on surveillance, controls, balances and strong oversight are still needed, no matter whether the intelligence services are acting in ‘good faith;’, and regardless of whether they are honourable, trustworthy people. Even the most able and honourable people need to be overseen. They make mistakes. They can be misled. They can be confused. They can be given poor information and make inappropriate decisions. And are we sure they are honourable and acting in good faith? It doesn’t matter if almost all of them are – even a single person who isn’t and is given free rein is capable of creating a disaster.

That’s not to say, of course, that trust isn’t important. At a certain level, we have to trust people – human life would be impossible if we didn’t. In things like surveillance, that trust, however, needs to be earned. It needs to be demonstrated that people are worthy of what trust we give them – and right now, after the Snowden revelations, trust in the intelligence services is in a great deal of doubt. It needs to be rebuilt – and that means much more transparency is needed to start with, but also much more understanding. It needs to be made clear that those in authority understand why people are bothered by this. It means that they need take our worries and concerns seriously.

Right now, too, it means that they can’t expect us to take what they tell us on trust. It means there should be a little more humility, a little more of what might be called ‘grace’. The way that the Data Retention and Investigatory Powers Act (DRIP) was steamrollered through parliament this summer showed none of this. The reverse: it showed contempt for people, and a huge amount of disrespect. The whole process, rather than helping to rebuild the trust, to demonstrate the good faith, to show that they are honourable people, reduced that trust, demonstrated bad faith, and suggested that they are far from honourable. And that goes for the ‘honourable members’ of parliament and for the intelligence services who presumably suggested the bill. I say ‘presumably’, because we really don’t know, and never got the chance to find out. Sir Malcolm Rifkind admitted on Tuesday that he didn’t understand RIPA: how many of the MPs who passed DRIP understood what they were passing? My guess is that they ‘trusted’ the people telling them it was needed, and decided that was enough.

Well, for me it wasn’t. Not nearly enough. We need much more – and I’m waiting.

Surveillance: ten ways to fight back!

The-Day-We-Fight-Back-2-e1391612024967

Today, 11th February 2014, is ‘The Day We Fight Back” – a day of campaigning against mass surveillance. It’s a day where campaigners are trying to raise awareness of the issue – and begin fighting against it. The big question is how can we fight back – what can we actually do. It often seems as though privacy is dead, and that there’s nothing we can do about it. I don’t think so – there are lots of things we can do, lots of things we must do. Here are just ten….

1     Support The Day We Fight Back

One of the most important things in the whole fight is to raise awareness – and to take advantage of opportunities to spread the message that surveillance is a big issue. Days like The Day We Fight Back help to do that. Check out the website here. Tweet about it. Blog about it. Talk about it with your friends and colleagues. Make it something that people notice.

2     Lobby your politicians – or unseat them!

Let the politicians know that you care about this – because, ultimately, they are supposed to be your representatives. It may not feel as though they listen to you much – but if enough people tell them the same thing, if enough people bother them, then they may finally get up off their backsides and do something. And if they don’t, use your vote against them. Politicians make a difference here – or rather they could, if they could be bothered. Most of them don’t understand what’s going on – try to educate them! Help them to understand, and don’t let them get away with bland, meaningless reassurances.

3     Don’t let the corporations off the hook!

The Snowden revelations were shocking, revealing a degree of governmental surveillance that surprised many people, and made a lot of people angry with their governments – but we shouldn’t be fooled into thinking this is just about governments, or just about specific agencies like the NSA and GCHQ. The malaise is far deeper than that – and corporations are in it right up to their necks. In many ways corporate surveillance is worse than governmental surveillance – it can have real impact on people, messing with their credit ratings and insurance premiums, affecting their job prospects, the prices they pay for things and more.

The NSA and GCHQ to a great extent piggyback on the surveillance that the corporates do, utilise the tools that the corporates create, mine the data that the corporates hold – if the corporates weren’t doing it, the agencies couldn’t tap into it. What’s more, corporations actively lobby to undermine privacy law, obfuscate over their privacy policies and do a lot more to undermine the whole concept of privacy. We shouldn’t accept that – let alone allow themselves to portray themselves as the good guys in this story. They’re not. Right now, they’re the henchmen and sidekicks of the NSA and GCHQ – if they want our support, they need to start supporting us.

4     Don’t just demand transparency – demand less surveillance!

There’s a lot of talk of transparency, particularly in relation to governmental requests for data from the likes go Google, Facebook, Twitter etc. Transparency is great – but it’s not nearly enough. We shouldn’t let ourselves be fobbed off with talk of transparency – we need less surveillance. We need to demand that surveillance is cut back – not just that there is better accountability and transparency. Accountability often ends up in farces like the UK’s Intelligence and Security Committee’s hearing with the heads of MI5, MI6 and GCHQ – no real scrutiny at all, just a bit of lip service and a lot of back-slapping. It’s not enough. Not nearly enough.

5     Join or support civil society

Civil society groups all over the world are key players in this – and they need your support. Here in the UK, the Open Rights Group, Privacy International and Big Brother Watch have been in the forefront of the campaigns against surveillance. In the US the Electronic Frontier Foundation have been crucial. In the Netherlands Bits of Freedom have done wonders. These, however, are not groups with the scale or resources of the governments and corporations that are behind the surveillance – so they need every bit of support they can get.

6     Challenge the media!

The mainstream media, for the most part, have not played the part that they could in the fight against mass surveillance. The Guardian has been an honourable exception – and their role in making sure that the Snowden story has seen the light of day has been, for me, one of the most important pieces of journalism for many years – but generally the whole issue has been the subject of far less attention than it should have had. That’s sadly common – because reporting of almost all technology matters is pretty disappointing. We need to challenge that – and shame the media into doing a better job. When they misreport stories about surveillance they should be challenged – using the social media, for example. And, perhaps even more importantly, when they report on technology without seeing the privacy aspects we should challenge that too. One key example right now is the subject of ‘Smart Meters’ – they have deep problems in relation to privacy, but when you see a report in much of the media it only talks of the advantages, not the risks. That’s not good enough.

7     Educate yourself

Part of the reason that surveillance has grown, almost without our noticing, is that far too many of us – and I’m certainly one of them – have not kept ourselves up to date. This year is supposed to be the ‘Year of Code’ – and though that campaign is pretty farcical it does highlight the fact that most of us don’t really know how the tech we use works. If we don’t know how it works, it’ll be much harder for us to protect ourselves. I’m making a commitment right now that I’m going to learn cryptography – and that I’m going to use it.

8     Use and support privacy friendly tech

That brings the next point. There are a lot of privacy-friendly tools out there and we should use them. Search with duckduckgo or startpage rather than Google. Use Ghostery or Abine’s DoNotTrackMe to monitor or block those who are tracking you – remembering that commercial trackers can be hijacked by the authorities. These are just a few of the tools available – and there are more coming all the time – but they need to be used in order to succeed. They need support if they are to grow.

9     Keep your eye on the news

There are more stories about surveillance and other invasions of privacy appearing all the time – keep your eye on the news for them, and let other people know about them. It’s hard to keep up, but don’t give up. Don’t expect to know everything, but if we don’t keep up with the news we aren’t going to be in a position to fight. Information is power – which is a great deal of what surveillance is about. We need to be informed in order to fight back

10     Make sure the fightback isn’t just for a day

This is the most important thing of all. Campaigns for one day are pretty meaningless – and the authorities will generally let them ride, possibly with a few little comments but almost no action. Political pronouncement and political action needs long-term campaigning. Shifts in attitudes don’t happen in a day – so we need to keep this campaign going…. and expect it to be a long, attritional fight. It won’t be easy – but it’s worth it.