A better debate on surveillance?

Back in 2015, Andrew Parker, the head of MI5, called for a ‘mature debate’ on surveillance – in advance of the Investigatory Powers Bill, the surveillance law which has now almost finished making its way through parliament, and will almost certainly become law in a few months’ time. Though there has been, at least in some ways, a better debate over this bill than over previous attempts to update the UK’s surveillance law, it still seems as though the debate in both politics and the media remains distinctly superficial and indeed often deeply misleading.

It is in this context that I have a new academic paper out: “Data gathering, surveillance and human rights: recasting the debate”, in a new journal, the Journal of Cyber Policy. It is an academic piece, and access, sadly, is relatively restricted, so I wanted to say a little about the piece here, in a blog which is freely accessible to all – at least in places where censorship of the internet has not yet taken full hold.

The essence of the argument in the paper is relatively straightforward. The debate over surveillance is simplified and miscast in a number of ways, and those ways in general tend to make surveillance seem more positive and effective than it is, and with less broad and significant an impact on ordinary people than it might have. The rights that it impinges upon are underplayed, and the side-effects of the surveillance are barely mentioned, making surveillance seem much more attractive than it should be – and hence decisions are made that might not have been made if the debate had been better informed. If the debate is improved, then the decisions will be improved – and we might have both better law and better surveillance practices.

Perhaps the most important way in which the debate needs to be improved is to understand that surveillance does not just impact upon what is portrayed as a kind of selfish, individual privacy – privacy that it is implied does not matter for those who ‘have nothing to hide’ – but upon a wide range of what are generally described as ‘civil liberties’. It has a big impact on freedom of speech – an impact that has been empirically evidenced in the last year – and upon freedom of association and assembly, both online and in the ‘real’ world. One of the main reasons for this – a reason largely missed by those who advocate for more surveillance – is that we use the internet for so many more things than we ever used telephones and letters, or even email. We work, play, romance and research our health. We organise our social lives, find entertainment, shop, discuss politics, do our finances and much, much more. There is pretty much no element of our lives that does not have a very significant online element – and that means that surveillance touches all aspects of our lives, and any chilling effect doesn’t just chill speech or invade selfish privacy, but almost everything.

This, and much more, is discussed in my paper – which I hope will contribute to the debate, and indeed stimulate debate. Some of it is contentious – the role of commercial surveillance and the interaction between it and state surveillance – but that too is intentional. Contentious issues need to be discussed.

There is one particular point that often gets missed – the question of when surveillance occurs. Is it when data is gathered, when it is algorithmically analysed, or when human eyes finally look at it? In the end, this may be a semantic point – what technically counts as ‘surveillance’ is less important than what actually has an impact on people, which begins at the data gathering stage. In my conclusion, I bring out that point by quoting our new Prime Minister, from her time as Home Secretary and chief instigator of our current manifestation of surveillance law. This is how I put it in the paper:

“Statements such as Theresa May’s that ‘the UK does not engage in mass surveillance’ though semantically arguable, are in effect deeply unhelpful. A more accurate statement would be that:

‘the UK engages in bulk data gathering that interferes not only with privacy but with freedom of expression, association and assembly, the right to a free trial and the prohibition of discrimination, and which puts people at a wide variety of unacknowledged and unquantified risks.’”

It is only when we can have a clearer debate, acknowledging the real risks, that we can come to appropriate conclusions. We are probably too late for that to happen in relation to the Investigatory Powers Bill, but given that the bill includes measures such as the contentious Internet Connection Records that seem likely to fail, in expensive and probably farcical ways, the debate will be returned to again and again. Next time, perhaps it might be a better debate.

Internet Connection Records: answering the wrong question?

Watching and listening to the Commons debate over the Investigatory Powers Bill, and in particular when ‘Internet Connection Records’ were mentioned, it was hard not to feel that what was being discussed had very little connection with reality. There were many mentions of how bad and dangerous things were on the internet, how the world had changed, and how we needed this law – and in particular Internet Connection Records (ICRs) – to deal with the new challenges. As I watched, I found myself imagining a distinctly unfunny episode of Yes Minister which went something like this:


Scene 1

Minister sitting in leather arm chair, glass of brandy in his hand, while old civil servant sits opposite, glasses perched on the end of his nose.

Minister: This internet, it makes everything so hard. How can we find all these terrorists and paedophiles when they’re using all this high tech stuff?

Civil Servant: It was easier in the old days, when they just used telephones. All we needed was itemised phone bills. Then we could find out who they were talking to, tap the phones, and find out everything we needed. Those were the days.

Minister: Ah yes, those were the days.

The Civil Servant leans back in his chair and takes a sip from his drink. The Minister rubs his forehead looking thoughtful. Then his eyes clear.

Minister: I know. Why don’t we just make the internet people make us the equivalent of itemised phone bills, but for the internet?

Civil Servant blinks, not knowing quite what to say.

Minister: Simple, eh? Solves all our problems in one go. Those techie people can do it. After all, that’s their job.

Civil Servant: Minister….

Minister: No, don’t make it harder. You always make things difficult. Arrange a meeting.

Civil Servant: Yes, Minister.


Scene 2

Minister sitting at the head of a large table, two youngish civil servants sitting before him, pads of paper in front of them and well-sharpened pencils in their hands.

Minister: Right, you two. We need a new law. We need to make internet companies make us the equivalent of an Itemised Phone Bill.

Civil servant 1: Minister?

Minister: You can call them ‘Internet Connection Records’. Add them to the new Investigatory Powers Bill. Make the internet companies create them and store them, and then give them to the police when they ask for them.

Civil servant 2: Are we sure the internet companies can do this, Minister?

Minister: Of course they can. That’s their business. Just draft the law. When the law is ready, we can talk to the internet companies. Get our technical people here to write it in the right sort of way.

The two civil servants look at each other for a moment, then nod.

Civil servant 1: Yes, minister.


 

Scene 3

A plain, modern office, somewhere in Whitehall. At the head of the table is one of the young civil servants. Around the table are an assortment of nerdish-looking people, not very sharply dressed. In front of each is a ring-bound file, thick, with a dark blue cover.

Civil servant: Thank you for coming. We’re here to discuss the new plan for Internet Connection Records. If you look at your files, Section 3, you will see what we need.

The tech people pick up their files and leaf through them. A few of them scratch their heads. Some blink. Some rub their eyes. Many look at each other.

Civil servant: Well, can you do it? Can you create these Internet Connection Records?

Tech person 1: I suppose so. It won’t be easy.

Tech person 2: It will be very expensive.

Tech person 3: I’m not sure how much it will tell you.

Civil servant: So you can do it? Excellent. Thank you for coming.


 

The real problem is a deep one – but it is mostly about asking the wrong question. Internet Connection Records seem to be an attempt to answer the question ‘how can we recreate that really useful thing, the itemised phone bill, for the internet age’? And, from most accounts, it seems clear that the real experts, the people who work in the internet industry, weren’t really consulted until very late in the day, and then were only asked that question. It’s the wrong question. If you ask the wrong question, even if the answer is ‘right’, it’s still wrong. That’s why we have the mess that is the Internet Connection Record system: an idea that is intrusive, expensive, technically difficult and likely to be supremely ineffective.

The question that should have been asked is really the one that the Minister asked right at the start: how can we find all these terrorists and paedophiles when they’re using all this high tech stuff? It’s a question that should have been asked of the industry, of computer scientists, of academics, of civil society, of hackers and more. It should have been asked openly, consulted upon widely, and given the time and energy that it deserved. It is a very difficult question – I certainly don’t have an answer – but rather than try to shoe-horn an old idea into a new situation, it needs to be asked. The industry and computer scientists in particular need to be brought in as early as possible – not presented with an idea and told to implement it, no matter how bad an idea it is.

As it is, listening to the debate, I feel sure that we will have Internet Connection Records in the final bill, and in a form not that different from the mess currently proposed. They won’t work, will cost a fortune and bring about a new kind of vulnerability, but that won’t matter. In a few years – probably rather more than the six years currently proposed for the first real review of the law – it may finally be acknowledged that it was a bad idea, but even then it may well not be. It is very hard for people to admit that their ideas have failed.


As a really helpful tweeter (@sw1nn) pointed out, there’s a ‘techie’ term for this kind of issue: an XY problem! See http://xyproblem.info. ICRs seem to be a classic example.

 

Labour and the #IPBill

I am a legal academic, specialising in internet privacy – a lecturer at the UEA Law School. I am the author of Internet Privacy Rights: Rights to Protect Autonomy, published by Cambridge University Press in 2014, and was one of the academics who was a witness before the Joint Parliamentary Committee on the Investigatory Powers Bill. I am also a member of the Labour Party – this piece is written from all of those perspectives.


 Labour and the Investigatory Powers Bill

The Investigatory Powers Bill has its second reading on Tuesday – part of what appears to be an attempt to pass the Bill with unseemly haste. One of the biggest questions is how Labour will approach the Bill – the messages so far have been mixed. Andy Burnham’s press release on the 1st of March in response to the latest draft was from my perspective the best thing that has emerged from Labour in relation to surveillance in many decades, if not ever.

What is important is that Labour builds on this – for in taking a strong and positive response to the Investigatory Powers Bill Labour has a chance to help shape its future in other areas. What is more, Labour can tap into some of its best and most important traditions and realise the promise of some of its best moments.

Demand more time

The first and most important thing that Labour should do at this stage is demand more time for scrutiny for the bill. There are some very significant issues that have not received sufficient time – the three parliamentary committees that have examined the bill so far (the Science and Technology Committee, the Intelligence and Security Committee and the specially convened Joint Parliamentary Committee on the Investigatory Powers Bill) all made that very clear. The Independent Reviewer of Terrorism Legislation, David Anderson QC has also been persistent in his calls for more time and more careful scrutiny – most recently in his piece in the Telegraph where he said:

“A historic opportunity now exists for comprehensive reform of the law governing electronic surveillance. Those who manage parliamentary business must ensure that adequate time – particularly in committee – is allowed before December 2016.”

David Anderson is right on all counts – this is a historic opportunity, and adequate time is required for that review. How Labour responds could well be the key to ensuring that this time is provided: a strong response now, and in particular the willingness to reject the bill in its entirety unless sufficient time is given, would put the government in a position where it has to provide that time.

As well as pushing for more time, there are a number of things that Labour – and others – should be requiring in the new bill, many of which were highlighted by the three parliamentary committees but have not been put into the new draft bill.

Proper, independent oversight

The first of these is proper, independent oversight – oversight not just of how the powers introduced or regulated by the bill are being used in a procedural way (whether warrants are being appropriately processed and so forth) but of whether the powers are actually being used in the ways that parliament envisaged and that the people were told, and so forth. Reassurances made need to be not just verified but re-examined – and as time moves on, as technology develops and as the way that people use that technology develops, it needs to be possible to keep asking whether the powers remain appropriate.

The oversight body needs not just to be independent, but to have real powers. Powers to sanction, powers to notify, and even powers to suspend the functioning of elements of the bill should those elements be found to be no longer appropriate or to have been misused.

Independent oversight – as provided, for example, by the Independent Reviewer of Terrorism Legislation – is not just valuable in itself, but in the way that it can build trust. Building trust is critical in this area: a lot of trust has been lost, as can be seen by the rancorous nature of a lot of the debate. It would help everyone if that rancour were reduced.

Re-examine and rebalance ‘Bulk Powers’

One of the most contentious areas in the bill is that of ‘Bulk Powers’: bulk interception, bulk acquisition (of communications data), bulk equipment interference (which includes what is generally referred to as ‘hacking’) and bulk personal datasets. These powers remain deeply contentious – and potentially legally challengeable. There are specific issues with some of them – with bulk equipment interference a sufficiently big issue that the Intelligence and Security Committee recommended their removal from the bill.

It is these powers that lead to the accusation that the bill involves ‘mass surveillance’ – and it is not sufficient for the Home Secretary simply to deny this. Her denials appear based on a semantic argument about what constitutes ‘surveillance’ – an argument that potentially puts her at odds with both the European Court of Human Rights and the Court of Justice of the European Union. It also puts the UK increasingly at odds with opinion around the world. The UN’s Special Rapporteur on the right to privacy, Joseph A. Cannataci, said in his Report to the UN Human Rights Council on the 8th March:

“It would appear that the serious and possibly unintended consequences of legitimising bulk interception and bulk hacking are not being fully appreciated by the UK Government.”

Much more care is needed here if the Investigatory Powers Bill is to be able to face up to legal challenge and avoid damaging not only people’s privacy but the worldwide reputation of the UK. Again, proper and independent oversight would help here, as well as stronger limits on the powers.

An independent feasibility study for ICRs

The Home Office have described ‘Internet Connection Records’ as the one genuinely new part of the Investigatory Powers Bill: it is also one of the most concerning. Critics have come from many directions. Privacy advocates note that they are potentially the most intrusive measure of all, gathering what amounts to substantially all of our internet browsing history – and creating databases of highly vulnerable data, reducing rather than adding to security and creating unnecessary risks. Industry experts have suggested they would be technically complex, extortionately expensive and extremely unlikely to achieve the aims that have been suggested. All three parliamentary committees asked for more information and clarity – and yet that clarity has not been provided. The suggestion that ICRs are like an ‘itemised phone bill’ for the internet has been roundly criticised (notably by the Joint IP Bill Committee) and yet it appears to remain the essential concept and underpinning logic to the idea.

Given all this, to introduce the idea without proper testing and discussion with the industry seems premature and ill conceived at best. If the idea cannot be rejected outright, it should at least be properly tested – and again, with independent oversight. Instead of including it within the bill, a feasibility study could be mounted – a year of working with industry to see if the concept can be made to work, without excessive cost, and producing results that can actually be useful, can be properly secured and so forth. If at the end of the feasibility study the evidence suggests the idea is workable, it can be added back into the bill. If not, alternative routes can be taken.

Reassess encryption

Perhaps the most contentious issue of all at present is the way in which the bill addresses encryption. All three parliamentary committees demanded clarity over the matter – particularly in relation to end-to-end encryption. That clarity is conspicuous by its absence in the bill. Whether the lack of clarity is intentional or not is somewhat beside the point: the industry in particular needs clarity. Specifically, the industry needs the government to be clear in the legislation that it will not either ban end-to-end encryption, demand that ‘back doors’ are built into systems, or pressurise companies to build in those back doors or weaken their encryption systems.

The current position not only puts the government at odds with the industry, it puts it at odds with computer scientists around the world. The best of those scientists have made their position entirely clear – and yet still the government seems unwilling to accept what both scientists and industry are telling them. This needs to change – what is being suggested right now is dangerous to privacy and security and potentially puts the UK technology industry at a serious competitive disadvantage compared to the rest of the world.

Working with industry and science

Therein lies one of the most important keys: working with rather than against the IT industry and computer scientists. Plans such as those in the Investigatory Powers Bill should have been made with the industry and science from the very start – and the real experts should be listened to, not ridden roughshod over. Inconvenient answers need to be faced up to, not rejected. Old concepts should not be used as models for new situations when the experts tell you otherwise.

This is where one of Labour’s longest traditions should come into play. Harold Wilson’s famous Scarborough speech in 1963, where he talked about the ‘white heat’ of technology is perhaps even more apt now than it was all those years ago. Labour should be a modernising party – and that means embracing technology and science, listening to scientists and learning from them, using evidence-based policy and all that entails. Currently, the Investigatory Powers Bill is very much the reverse of that – but it still could become that, if appropriate changes are made.

Protecting ordinary people

Labour should also be tapping into another strong tradition – indeed in many ways its founding tradition. Labour was born to support and protect working people – ‘ordinary’ people in the positive sense of that word. Surveillance, in practice, often does precisely the opposite – it can be used by the powerful against those with less power. It can be politically misused – and the history of surveillance of trade unionists and left-wing activists is one of which the Labour Party should be acutely aware. Without sufficient safeguards and limitations, any surveillance system can and will be misused, and often in precisely these kinds of ways.

Labour could and should remember this – and work very hard to ensure that those safeguards and limitations are built in. Some of the measures outlined above – proper oversight, rebalancing bulk powers, a feasibility study on ICRs in particular – are intended to do precisely that.

Not ‘soft’ but strong

Building in these safeguards, working with technology industries and scientists, protecting rather than undermining encryption should not be seen as something ‘soft’ – and any suggestion that opposing the measures currently in the Bill is somehow being ‘soft’ on terrorists and paedophiles should not just be rejected but should be turned on its head. The current bill will not protect us in the ways suggested – indeed, it will make us less secure, more at risk from cybercriminals, create more openings for terrorists and others, and could be a massive waste of money, time and expertise. That money, time and expertise could be directed in ways that do provide more protection.

What is more, as noted above, the current bill would be much more vulnerable to legal challenge than it should be. That is not a sign of strength: very much the opposite.

Labour’s future direction

Most of these issues are relevant to all political parties – but for Labour the issue is particularly acute. Labour is currently trying to find a new direction – the challenge presented by the Investigatory Powers Bill could help it be found. A positive approach could build on the old traditions outlined above, as well as the human rights tradition built in Blair’s early years: the Human Rights Act is one of New Labour’s finest achievements, despite the bad treatment it receives in the press. A party that forges alliances with the technology industry and with computer science, one that embraces the internet rather than seeing it as a scary and dangerous place to be corralled and controlled, is a party that has a real future. Labour wants to engage with young people – so be the party that supports WhatsApp rather than tries to ban it or break it. Be the party that understands encryption rather than fights against it.

All this could begin right now. I hope Labour is up to the challenge.

 

 

The IP Bill: opaqueness on encryption?

One thing that all three of the Parliamentary committees that reviewed the Draft Investigatory Powers Bill agreed upon was that the bill needed more clarity over encryption.

This is the Intelligence and Security Committee report:

[Screenshot of the relevant passage from the report; image not reproduced]

This is the Science and Technology Committee report:

[Screenshot of the relevant passage from the report; image not reproduced]

This is the Joint Parliamentary Committee on the Investigatory Powers Bill:

[Screenshot of the relevant passage from the report; image not reproduced]

In the new draft Bill, however, this clarity does not appear to have been provided – at least as far as most of the people who have been reading through it have been able to determine. There are three main possible interpretations of this:

  1. That the Home Office is deliberately trying to avoid providing clarity;
  2. That the Home Office has not really considered the requests for clarity seriously; or
  3. That the Home Office believes it has provided clarity.

The first would be the most disturbing – particularly as one of the key elements of the Technical Capability Notices as set out both in the original draft bill and the new version is that the person upon whom the notice is served “may not disclose the existence or contents of the notice to any other person without the permission of the Secretary of State” (S218(8)). The combination of an unclear power and the requirement to keep it secret is very dangerous.

The second possibility is almost as bad – because, as noted above, all three committees were crystal clear about how important this issue is. Indeed, their reports could be seen as models for the Home Office as to how to make language clear. Legal drafting is never quite as easy as it might be, but it can be clear and should be clear.

The third possibility – that they believe they have provided clarity – is also pretty disastrous in the circumstances, particularly as the amount of time that appears to be being made available to scrutinise and amend the Bill appears likely to be limited. This is the interpretation that the Home Office ‘response to consultations’ suggests – but people who have examined the Bill so far have not, in general, found it to be clear at all. That includes both technological experts and legal experts. Interpretation of law is of course at times difficult – but that is precisely why effort must be put in to make it as clear as possible. At the moment whether a backdoor or equivalent could be demanded depends on whether it is ‘technically feasible’ or ‘practicable’ – terms open to interpretation – and on interdependent and somewhat impenetrable definitions of ‘telecommunications operator’, ‘telecommunications service’ and ‘telecommunications system’, which may or may not cover messaging apps, hardware such as iPhones and so forth. Is it clear? It doesn’t seem clear to me – but I am often wrong, and would love to be corrected on this.

This issue is critical for the technology industry. It needs to be sorted out quickly and simply. It should have been done already – which is why the first possibility, that the lack of clarity is deliberate, looms larger than it ordinarily would. If it is true, then why have the Home Office not followed the advice of all three committees on this issue?

If on the other hand this is simply misinterpretation, then some simple, direct redrafting could solve the problems. Time will tell.

An independent review body for the IP Bill?

One of the recommendations of the Joint Parliamentary Committee on the Investigatory Powers Bill was that the Bill should include some kind of a review process or ‘sunset clause’. The new Bill, as I noted in my earlier post on the subject, has included a term that seems to answer that recommendation – but does so in such a cursory way as to be close to irrelevant. This is how it is set out:

222 Review of operation of Act

(1)  The Secretary of State must, within the period of 6 months beginning with the end of the initial period, prepare a report on the operation of this Act.

(2)  In subsection (1) “the initial period” is the period of 5 years and 6 months beginning with the day on which this Act is passed.

(3)  In preparing the report under subsection (1), the Secretary of State must, in particular, take account of any report on the operation of this Act made by a Select Committee of either House of Parliament (whether acting alone or jointly).

(4)  The Secretary of State must

(a)  publish the report prepared under subsection (1), and

(b)  lay a copy of it before Parliament.

So, effectively, this means that the Secretary of State will have to produce a report after six years and lay a copy of it before Parliament – that’s all. Six years is a long time in relation to the internet. Six years ago, for example, WhatsApp had only just been launched, and SnapChat did not even exist. Facebook had 400 million users: it now has 1.6 billion.

Even more pertinently, the Investigatory Powers Bill has some significant new and distinctly controversial powers – most directly some of the ‘Bulk Powers’ and the Internet Connection Records (ICRs) about which I have also written a number of times (here and here for example). ICRs have been criticised in a number of ways: their potential intrusiveness, the difficulty in defining what they actually are, the costs involved in their collection and retention, and the likelihood of their being able to do what the Bill suggests that they should do. All these matter – and to a great extent all of these are a matter of conjecture. Those like myself who believe that they will end up hugely expensive, highly ineffective and potentially vulnerable are to at least some degree speculating – but so are those who believe they’ll be a crucial tool for law enforcement and the security services, a proportionate and effective response, easily safeguarded and no great burden on the relevant service providers.

Both sides of the argument believe that they’re right – and have provided evidence to back up their opinions. Personally I believe that my evidence is the more compelling – but I would believe that. I am sure that the proponents of the inclusion of Internet Connection Records believe the same about their evidence. Who is right? The best way to tell might well be to have a proper, regular and independent review of the reality. An audit of a kind, to assess all these different aspects. Is it proving easy to define ICRs in all the relevant cases? Are the ICRs being useful? Are they proving expensive to collect and retain? Have they been kept securely or have there been losses through error, hacking, technological malfunction or something similar?

This kind of audit could be required under the Act – and if the drafters had followed the advice of the Independent Reviewer of Terrorism Legislation and created an Independent Intelligence and Surveillance Commission, it could have been the perfect body to perform such an audit. If that Commission had been granted the powers to ask for a part of the bill to be suspended or subject to amendment that would make this possibility even better.

In my oral evidence to the Committee I suggested something further – that the review should include a kind of ‘contextual’ review, looking not just at how the powers were being used in relation to the Bill, but in relation to how people were using communications systems. In effect, assessing whether the powers were still appropriate and balanced, because how people use a service can, in practice, change how intrusive powers relating to that service can be. Undermining encryption, for example, is far less troublesome if the only people using encryption are the most technologically adept of geeks and nerds than it is if we are all reliant on encryption for our banking and confidential work.

If properly constituted and empowered, a review body could look at this – and rather than being in the position we are in now, where outdated laws are being misapplied to situations that have radically changed, we could keep not just the law but how it is used up to date and proportionate. We could learn where mistakes are being made, where resources are being misapplied, what works and what doesn’t work – and not just from those who have a vested interest in telling us that those powers are working and that they need the resources that they’re being given. The two examples we have in this field – the Independent Reviewer of Terrorism Legislation and the Interception of Communications Commissioner’s Office (IOCCO) – have proven their worth in a number of ways. An independent body to oversee the implementation, effectiveness and proportionality of the operations of the Investigatory Powers Bill could be similarly effective.

That, however, is not what the IP Bill currently proposes. The review as it is set out in S 222 is too late, not independent, and without the power to produce any real effect. This could, however, be relatively simply changed. In their response to the consultations, the main objection to making such a change seems to be cost: the response says that it would cost an extra £0.5m/year.  Though that may seem like a lot of money, in the grand scheme of things it really is not. If, as just one (small) example, ICRs are as expensive as it seems likely they will be, and the review body reveals this after three years rather than six, spending that £0.5m/year would be very cheap at the price. Other savings could be made in other areas as revealed by the reviews – and that’s not considering the significant extra level of trust that would be generated by a properly independent review body. The potential benefits are very significant: I hope that those pushing the Bill are willing to consider it.

The Internet is not a Telephone System

One of the most important statements in the report of the Joint Committee on the Draft Investigatory Powers Bill is also one that may seem, on the surface at least, to be little more than a matter of presentation.

“We do not believe that ICRs are the equivalent of an itemised telephone bill. However well-intentioned, this comparison is not a helpful one.”

The committee had to make this statement because a number of the advocates for the Bill – and for the central place that Internet Connection Records play in the Bill – have been using this comparison. Many of the witnesses to both this committee and the two other parliamentary committees that have scrutinised and reported on the Bill (the Science and Technology Committee and the Intelligence and Security Committee) have been deeply critical of the comparison. The criticisms come from a number of different directions. One is the level of intrusion: this is Big Brother Watch, in the IP Bill Committee report:

“A telephone bill reveals who you have been speaking to, when and for how long. Your internet activity on the other hand reveals every single thing you do online.”

Some criticised the technological complexity. This is from Professors John Naughton and David Vincent’s evidence to the IP Bill Committee:

“The Secretary of State said that an Internet Connection Record was “simply the modern equivalent of an itemised phone bill”. It is a deeply misleading analogy, because—whatever it turns out to be—an ICR in the current technological context will be significantly more complex and harder to compile than an itemised bill.”

Others, including myself, made the point that the way that people actually use the internet – and the way that the current communications systems function – simply does not fit the whole idea. Andrews & Arnold Limited put it like this:

“If the mobile provider was even able to tell that [a person] had used Twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to Twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay.”

This is Richard Clayton:

“The ICR data will be unable to distinguish between a visit to a jihadist website and visiting a blog where, unbeknown to the visitor (and the blog owner) the 329th comment (of 917) on the current article contains an image which is served by that jihadist site. So an ICR will never be evidence of intent—it merely records that some data has flowed over the Internet and so it is seldom going to be ‘evidence’ rather than just ‘intelligence’.”

The Home Secretary, however, effectively dismissed these objections – but at the same time highlighted why the mistaken comparison is more important, and more revealing than just a question of presentation.

“As people move from telephony to communications on the internet, the use of apps and so forth, it is necessary to take that forward to be able to access similar information in relation to the use of the internet. I would say it is not inaccurate and it was a genuine attempt to try to draw out for people a comparison as to what was available to the law enforcement agencies now—why there is now a problem—because people communicate in different ways, and how that will be dealt with in the future.”

There were two ways to interpret the initial comparison. One interpretation was that it was a deliberate attempt to oversimplify, to sell the idea to the people, all the time knowing that it was an inappropriate comparison, one that simultaneously downplayed the intrusiveness of the records, underestimated the difficulty there would be in creating them and overestimated their likely effectiveness in assisting the police and the security services. The other was that those advocating the implementation of internet connection records genuinely believed that the comparison was a valid and valuable one. The evidence of the Home Secretary – and indeed of others backing the bill – seems to suggest that the second of these interpretations is closer to the truth. And though the first may seem the more worrying, as it might suggest a level of deception and dissembling that should disturb anyone, it is the second that should worry us more, as it betrays a far more problematic mindset, and one that sadly can be seen elsewhere in the debate over surveillance and indeed over regulating, policing and controlling the internet in other ways.

It suggests that rather than facing up to the reality of the way the internet works, those in charge of the lawmaking (and perhaps even the policing itself) are trying to legislate as though the internet were the kind of communication system they are used to. The kind they already understand. They’re not just comparing the internet to a telephone system, they’re acting as though it is a telephone system, and trying to force everything to fit that belief. With the concept of Internet Connection Records, they’re saying to the providers of modern, complex, interactive, constantly connecting, multifaceted systems that they’ve got to create data as though their modern, complex, interactive constantly connecting and multifaceted systems were actually old-fashioned telephone systems.

The problem is that the internet is not an old-fashioned telephone system. Pretending that it is won’t work. The problems highlighted – in particular the technical difficulties and the inevitable ineffectiveness – won’t go away no matter how much the Home Office wish for them to do so. It is a little disappointing to me that the report of the committee was not strong enough to say this directly – instead they emphasise that the government needs to explain how it will address the issues that have been raised.

Sadly it seems almost certain that the government will continue to push this idea. The future seems all too easy to predict. A few years down the line they will still be trying to get the idea to work, still trying to make it useful, still trying to prove to themselves that the internet is just like a telephone system. Many millions will have been spent, huge amounts of effort and expertise will have been wasted on a fruitless, irrelevant and ultimately self-defeating project – money, effort and expertise that could, instead, have been put into finding genuinely effective ways to police the internet as it is, rather than as they wish it still was.

 

 

A few words on ‘Internet Connection Records’

There are many things in the new draft Investigatory Powers Bill that need very careful attention – some of which may be cautiously welcomed, some of which need to be taken with a distinct pinch of salt. The issues surrounding ‘Bulk Powers’ (which we’re not supposed to call ‘mass surveillance’) and ‘Equipment Interference’ (which I presume we’re not supposed to call hacking) will be examined in great detail, and quite rightly so because they’re of critical importance, and clearly recognised as such. The issue of ‘Internet Connection Records’, on the other hand, does not yet seem to have been given the attention it deserves – but I am sure that will change, because the collection of them has massive significance and represents a major change in surveillance, for all that they are described in the introduction to the bill as just ‘restoring capabilities that have been lost as a result of changes in the way people communicate’. They don’t restore capabilities: they provide hitherto unprecedented intrusion into people’s lives.

Internet Connection Records (ICRs)

The description of ICRs in the bill leaves quite a lot to be desired. In the introductory explanation they are set out as:

[Image: screenshot of the description of ICRs from the bill’s introductory explanation]

In accordance with the bill, these ICRs will be captured and stored for a year by the communications providers. This means, essentially, that a rolling record of a year of everyone’s browsing history will be stored. Not, it seems, beyond the top level of website (so that you’ve visited ‘www.bbc.co.uk’ but not each individual page within that website, nor what you have ‘done’ on that website). The significance of this data is very much underplayed, suggesting it is just a way of checking that so-and-so accessed Facebook at a particular time, in a similar way to saying ‘so-and-so called the following number’ on the phone, and thus the supposed ‘restoring of capabilities’ referred to. That, however, both misunderstands the significance of the data and of the way that we use the technology.

The latter part is perhaps the most easily missed. Our ‘online life’ isn’t just about what is traditionally called ‘communications’, and isn’t the equivalent of what we used to do with our old, landline phones. For most people, it is almost impossible to find an aspect of their life that does not have an online element. We don’t just talk to our friends online, or just do our professional work online, we do almost everything online. We bank online. We shop online. We research online. We find relationships online. We listen to music and watch TV and movies online. We plan our holidays online. Monitoring the websites we visit isn’t like having an itemised telephone bill (an analogy that more than one person used yesterday) – it’s like following a person around as they visit the shops (both window shopping and the real thing), go to the pub, go to the cinema, turn on their radio, go to the park, visit the travel agent, look at books in the library and so forth.

That, however, is only part of the problem. The other aspect is perhaps even more important – the inferences that can be gleaned from analysis of the ICRs. There are two different sides to this:

  1. The first is the ‘logical’ analysis of web browsing data: the kind of inferences that can be made by looking at the kinds of sites visited, the times that they are visited and so forth. This can be very direct, like using knowledge that a person visited sites connected with a particular religion to ‘guess’ their own religion, or that they visited sites connected with a particular health condition to ‘guess’ that they might be concerned about their own health. It can also be less direct but similarly logical – men who spend a lot of time watching Top Gear might be thought to have sympathy for Jeremy Clarkson’s views on ‘political correctness’ or be skeptical about climate change, or people who visit a lot of ‘news’ websites might be particularly interested in politics. People who visit pizza delivery websites regularly might be ‘guessed’ to have unhealthy lifestyles. The number of possibilities is huge – and not just relating to the actual sites visited, but the time and pattern of those visits. Browse a great deal in the middle of the night, and that says something very different to browsing only during working hours.
  2. The second is perhaps even more concerning: the ‘big data’ analysis of ICRs. One of the critical aspects of ‘big data’ is that it picks up traits and establishes correlations rather than seeking to find logical connections for things. This has been studied by academics, with some surprising findings – the story from one such study that ‘liking’ (in Facebook terms) curly fries correlates to higher intelligence makes the point. This kind of data – and it really is ‘big data’ – allows far more inferences to be drawn than are immediately obvious. Moreover, it is a kind of analysis that is being worked on, and worked on extensively, by some of the biggest, most powerful and most technologically advanced corporations in the world. What Google, Facebook and others develop in order to identify target audiences for advertising or markets for products is just as suitable for identifying people with particular political views.

The problems with these inferences should not be underestimated. If they’re accurate, they represent major intrusions into people’s privacy – sometimes they allow the analysts to predict behaviour better than the people themselves can predict it – whilst if they’re inaccurate they can mean that terrible decisions are made about people. When this is confined to advertising the impact is rarely that significant (though it can be, as the non-apocryphal stories of revealed pregnancies and sexuality have shown) but if decisions are made on a similar basis by law enforcement or security services they could be hideous.

So we should not underplay the importance of Internet Connection Records. They matter a great deal – and gathering them is a major step in surveillance. What is more, asking communications service providers to gather and hold them adds a whole raft of new vulnerabilities. The Talk Talk hack – and Talk Talk are precisely the kind of company who would be forced to hold this kind of data – should make the vulnerability to hacking crystal clear. This kind of data is perfect for identity theft, scamming, blackmail (Ashley Madison style) and far more crimes, and the servers holding it might as well have big red signs on them saying ‘hack me please’. The chance of individual misuse of the information should also not be downplayed – in the initial draft of the Bill it looks as though access to the data will not be via warrant, but through the ‘Designated Person’. The past has shown how individuals can misuse systems for personal reasons – this kind of data can be very tempting.

The chance of ‘function creep’ is perhaps even more concerning. Where systems are built and data gathered for one purpose, it is hard to resist using it for another, seemingly obvious and sensible reason. That’s how RIPA ended up being used for dog fouling, fly-tipping and school catchment enforcement when it was intended for terrorism and serious crime. If you build it, it will be used, and not just for the original purpose.

None of this is to say that Internet Connection Records should definitively not be collected – but that the ‘mature debate’ that has been called for on surveillance should be about what they can really be used for, and the depth of the intrusion into people’s lives that they really represent. The bar should be set very high here, and the case to gather and hold this information needs to be a very good one indeed. The arguments put forward so far do not seem strong enough to me – perhaps more will be provided in the process through which the bill is scrutinised over the next few months. If not, this is a part of the bill that should be opposed very strongly.

No, Mr Hammond, the debate has barely begun…

In a speech to the Royal United Services Institute yesterday (the text of which can be found here) Foreign Secretary Philip Hammond suggested that the debate over privacy and security, over mass surveillance and the role, tactics and practices of the intelligence and security services, was nearly over. In his words, after the current reviews by the Intelligence and Security Committee (the ISC) and the Independent Reviewer of Terrorism Legislation, both of which are due to report shortly, “we should draw a line under the debate”. I have one simple and direct response to that. No, Mr Hammond, it isn’t time to ‘draw a line’. The debate isn’t over: it has barely begun.

In his speech, Hammond highlights and praises the role played by the ISC. As he puts it:

“I regard the independent scrutiny and oversight that the ISC provides as a particular and significant strength of the British system.”

Is he talking about the same ISC that put on a public show in November 2013, a public hearing that was little more than theatre, carefully scripted, where the anodyne questions were given in advance to the heads of MI5, MI6 and GCHQ so that they could prepare the answers? The same ISC which failed to notice that, as ruled by the Investigatory Powers Tribunal last month, GCHQ had been acting unlawfully in its surveillance activities for seven years? The same ISC whose chair, Sir Malcolm Rifkind, cheerfully admitted to me at a round table event that formed part of the aforementioned review that he did not understand the most important piece of legislation governing interception and surveillance, the Regulation of Investigatory Powers Act? That same Sir Malcolm Rifkind who had to resign from his position as Chair of the ISC for being duped into offering his services to a fake Chinese company – and even now does not seem to acknowledge that in his position taking a role for a Chinese company might provide some sort of conflict of interest?

No, Mr Hammond, the ISC does not provide the kind of ‘independent scrutiny and oversight’ that is needed – indeed, we don’t just need a review by the ISC, we need a full review of the ISC, so that it has some degree of real independence, so that it has the ability and knowledge, the understanding of the technology and the law that is needed in order to provide real ‘scrutiny and oversight’. Right now, it isn’t a ‘particular strength of the British system’ but very much the opposite. Its existence might suggest we have oversight: in practice, we really don’t.

And how can we draw a line under the debate when even the terms of that debate are still confused? As I’ve written before, the characterisation of the debate is – either deliberately or ignorantly – miscast. Rifkind characterised it as ‘individual privacy vs collective security’ – failing to grasp either that privacy is far from an individual right (indeed, its main function is one about relationships between people, and it underpins collective rights like freedom of assembly and association, and indeed freedom of expression) or that it isn’t really a ‘balance’, or that people want one or the other. People don’t want privacy or security – they want both, and they should be able to have both.

Philip Hammond continues this mischaracterisation in his speech, referring to the “balancing act between the privacy we desire and the security we need”. No, Mr Hammond, privacy isn’t something we ‘desire’ – it’s something we need. It is a right, a right reflected in all the significant Human Rights documents, and in the Universal Declaration of Human Rights and the European Convention on Human Rights in particular, both of which the UK is a party to. A qualified right, of course, but a right nonetheless, and to portray it as something we ‘desire’ is to downplay its significance, something that advocates of authoritarianism appear very keen to do. Privacy isn’t a selfish whim, it’s a fundamental right – and privacy on the internet is becoming more, not less, important these days as we spend more time and put more of our lives online. It is not something to be downplayed, but something to be taken more and more seriously.

So, Mr Hammond, no. No line can be drawn under the debate. As well as the two reviews mentioned in the speech, there are a whole series of legal challenges to the various activities of the intelligence services and others, not just in the UK but all over the world. The debate is only just starting – and if you expect privacy advocates, civil liberties advocates and others to stop campaigning, I’m afraid you’re very much mistaken. Others have recognised this – last Friday I was part of a seminar organised by the Association of Chief Police Officers into the ethics of policing the internet, the debate about which the police believe is only just starting.

Indeed, no line should be drawn under the debate: these debates need to continue forever. The watchmen need to be watched.  The price of liberty is eternal vigilance – and that includes vigilance over the authorities, not just by the authorities.

A new Snoopers’ charter, drip by drip?

When the Data Retention and Investigatory Powers Act was passed with undue haste this summer, the one ‘saving grace’ promised to us by the Liberal Democrats, hitherto guardians of our civil liberties and killers of the Snoopers’ Charter, was the ‘sunset clause’ of December 2016, and the promise of careful and considered review of powers before then.

That careful and considered review – or rather several careful and considered reviews – began. Specifically, the Parliament Intelligence and Security Committee continued the review that it had begun before the hasty passing of DRIP, while the Independent Reviewer of Terrorism Legislation began his own consultation. Both these reviews do seem to have been both careful and considered – I made submissions to both of them, and was invited to a highly illuminating ‘round table’ session by the ISC, as well as receiving a fast and clear response from the Independent Reviewer of Terrorism Legislation that showed he had read and understood what I said. In both cases, the feeling I was left with was one of cautious optimism. Those of us advocating a more privacy-friendly, less invasive approach were being listened to, or so it seemed….

…but at the same time, something very different seems to have been happening. There have been a series of speeches by important people that seem to be working directly against that careful, considered approach. The incoming head of GCHQ made a speech that was remarkably aggressive – effectively calling Google and Facebook tools for terrorists. The Commissioner of the Metropolitan Police followed that with what amounted to an anti-privacy tirade, in particular condemning the use of encryption, and saying that the net had become a ‘safe-haven for terrorists and paedophiles’. Both seemed to be trying to suggest that social media was an untamed wilderness that needed to be reined in – and at the same time seemed to want to inspire fear of the ‘deep, dark web’. The Culture Secretary, Sajid Javid, followed that with a speech suggesting that Article 8 – the right to a private life – had gone too far, and again invoking the threat of terrorists and paedophiles.

…and then, yesterday, Theresa May announced more powers for the police – technical powers, crucial, she said, for the fight against terror. Technical, and yet not discussed with the Internet Service Providers Association, or, seemingly, with those few MPs (such as Julian Huppert) who actually understand the internet, at least to some degree.

…and all this, at the same time as the reviews are taking place. It has the feeling of a drip, drip, dripping, trying to build up a stronger ‘anti internet freedom’ atmosphere. ‘The internet is something to be scared of, full of paedophiles, terrorists and extremists’ so needs to be reined in. Theresa May openly admits she wants to bring back the Snoopers’ Charter – despite its defeat the last time around – so she’s trying to lay the foundations for its return. Working on our resistance. Wearing us down. Trying, it seems, to make sure that the careful, considered review is anything but careful and considered – because the invocation of terrorists and paedophiles makes it impossible to be careful and considered. If you aren’t in favour of these obviously sensible measures, you’re on the side of the extremists, of the terrorists, of the paedophiles. Today, whilst debating the subject on Twitter, I was effectively told that I would have blood on my hands if I opposed the extension of powers.

We should do our very best to resist this. The review must be careful and considered – because there are significant and important issues at stake. Privacy matters – as do all the rights and needs that it supports, from freedom of expression to freedom of assembly and association. Civil liberties like these need privacy – because without that privacy there is a distinct and direct chill. Those of us who suggest that surveillance has gone too far can point to a number of recent revelations – that communications between journalists and their sources, between lawyers and their clients, between prisoners and their MPs, have all been compromised. This matters – and needs to be taken seriously.

On the other hand security also matters – and none of those who I know as privacy advocates deny this, despite what some of our opponents might suggest. We know that it matters – and want to have a sensible, rational, level-headed review of the whole system. We don’t expect our privacy needs to override security – but we do expect that some kind of a balance can be found. That needs an atmosphere without the kind of hyperbole that has been produced in the last few weeks. Can we find that? It does not seem very hopeful at the moment, particularly with a general election looming and the two major parties seemingly competing to see who can be ‘tougher’. I hope we can be equally tough – but tough in terms of fighting for our rights. If we’re not, then we’ll have a new Snoopers’ Charter before we’re even aware what is happening.

 

Politics, surveillance and trust….

Themistocles grinned; it made me like him. “There you see it – that’s how we do it here. Among you Medes, I’m told, there are many men so honorable that everyone trusts them. We’re not like that at all – we never trust one another. So what we do instead is make sure that each side’s represented, so that every rascal’s got two worse looking over his shoulder.”

Gene Wolfe, Soldier of Arete.

I’ve always liked those words, put into the mouth of Themistocles by Gene Wolfe. Soldier of Arete is one of my favourite books – giving a very different perspective on the Ancient Greeks. Wolfe tries (and for me succeeds) to give a sense of what life might really have been like – not a place of divine nobility or unattainable grace, but a place inhabited by real people. Themistocles was one of the most successful of Athenian generals and politicians – someone around at the early days of what we these days call democracy. Wolfe’s version of Themistocles is very much a likeable character, and a very grounded one. His view of democracy, of honour and of trust is one that seems both very real and very appropriate even for these days. Honour and trust are all very well, but for things to work well, we always need someone looking over people’s shoulders.

That’s particularly relevant to surveillance. ‘Quis custodiet ipsos custodes?’, to borrow another classical source. Who watches the watchmen? At the Intelligence and Security Committee ‘round table’ sessions on Tuesday (about which I wrote here) it was one of the key issues – as were the issues of honour and trust. The first question that Sir Malcolm Rifkind asked at our table was whether we thought the intelligence services acted with ‘good faith’. I understood him to mean, essentially, whether we trusted them. Whether we thought they were honourable people. My answer was that I did think they were acting in good faith – but that that is not enough. I’m not like the Mede with whom Themistocles was talking in Soldier of Arete, who thought some people are so honourable that they can be trusted completely. Good faith is a good start, but it’s not nearly enough. Limits on surveillance, controls, balances and strong oversight are still needed, no matter whether the intelligence services are acting in ‘good faith’, and regardless of whether they are honourable, trustworthy people. Even the most able and honourable people need to be overseen. They make mistakes. They can be misled. They can be confused. They can be given poor information and make inappropriate decisions. And are we sure they are honourable and acting in good faith? It doesn’t matter if almost all of them are – even a single person who isn’t and is given free rein is capable of creating a disaster.

That’s not to say, of course, that trust isn’t important. At a certain level, we have to trust people – human life would be impossible if we didn’t. In things like surveillance, that trust, however, needs to be earned. It needs to be demonstrated that people are worthy of what trust we give them – and right now, after the Snowden revelations, trust in the intelligence services is in a great deal of doubt. It needs to be rebuilt – and that means much more transparency is needed to start with, but also much more understanding. It needs to be made clear that those in authority understand why people are bothered by this. It means that they need to take our worries and concerns seriously.

Right now, too, it means that they can’t expect us to take what they tell us on trust. It means there should be a little more humility, a little more of what might be called ‘grace’. The way that the Data Retention and Investigatory Powers Act (DRIP) was steamrollered through parliament this summer showed none of this. The reverse: it showed contempt for people, and a huge amount of disrespect. The whole process, rather than helping to rebuild the trust, to demonstrate the good faith, to show that they are honourable people, reduced that trust, demonstrated bad faith, and suggested that they are far from honourable. And that goes for the ‘honourable members’ of parliament and for the intelligence services who presumably suggested the bill. I say ‘presumably’, because we really don’t know, and never got the chance to find out. Sir Malcolm Rifkind admitted on Tuesday that he didn’t understand RIPA: how many of the MPs who passed DRIP understood what they were passing? My guess is that they ‘trusted’ the people telling them it was needed, and decided that was enough.

Well, for me it wasn’t. Not nearly enough. We need much more – and I’m waiting.