The more we live our lives online, the greater the temptation for governments and private companies to spy on us. Padraig Reidy highlights the dark side of our increasing dependence on digital communications
(more…)
If passed, the UK’s draft Communications Data Bill — also known as the “Snooper’s Charter” — will make room for the blanket storage of information on British citizen’s emails, text messages and internet activity. Companies would have to collect data they don’t currently retain, and the Home Secretary would have the power to request communications equipment manufacturers install hardware to make spying easier.
With these concerns in mind Index hosted a panel on the bill today chaired by trustee John Kampfner, who was joined by Index CEO Kirsty Hughes, Demos’s Jamie Bartlett, Emma Ascroft of Yahoo and Ian Brown from Oxford University.
There was consensus over the bill’s red flags, particularly its broad language and wide extension of surveillance powers to anyone who provides telecommunications operating systems. This would include social networks and domain name registries.
K Hughes @indexcensorship: danger that authoritarian regimes will adopt & imitate UK’ssnoopers’ charter. #commsdata
— Natasha Schmidt (@tasheschmidt) October 18, 2012
For Yahoo’s Emma Ascroft, it was unclear what consideration the UK’s Home Office had given to jurisdiction boundaries. The broad nature of the bill means the UK would be the first country to extend its jurisdiction, creating a reserve power to “require UK providers to retain data that they could not obtain directly.” The Home Office has acknowledged, Ascroft said, that the UK would be the first country to extend its jurisdiction in this way, but added there will be a “tension” where UK citizens’ data is available to foreign law enforcement authorities. This would, she warned, lead to a “complex patchwork of overlapping laws”.
Of equal concern was them chilling effect the bill could have if passed, as Index CEO Kirsty Hughes described:
It risks undermining anonymity, particularly whistleblowing, if user data can be tracked and comprehensively collected.
K.Hughes @indexcensorship: govt sending mixed messages. You can’t defend online freedoms in one context, withdraw them in another #commsdata
— robertsharp59 (@robertsharp59) October 18, 2012
Hughes @indexcensorship: Is the Govt’s first duty to protect our SECURITY or our RIGHTS? #CommsData
— robertsharp59 (@robertsharp59) October 18, 2012
But despite conceding no other democracies had gone as far as the UK proposes to go, Jamie Bartlett felt the bill didn’t go far enough. Emphatic that he was “in favour of regulated, transparent and clear powers of surveillance”, he said there were far greater problems posed by the ability of the government to access open source social media content, which is currently not covered by the Regulation of Investigatory Powers Act (RIPA). Writing for Index today, Bartlett said:
This type of widespread, mass social media monitoring needs to regulated, limited, and put on a legal footing.
Yet the fact that the bill is not subject to judicial oversight, combined with the prospect of a backstop power, worried some. For Oxford University’s Ian Brown, the latter went to “the heart of proportionality”, which Index and other rights groups have flagged as one of the bill’s greatest flaws.
“The Home Office has to come out of its comfort zone,” Ascroft concluded, pointing to internal conflict over the bill. “The Foreign Office, justice department, culture department, they all have anxieties.”
While she predicted the bill would be amended, Hughes suggested there was a risk this would not go far enough. “We need the UK’s voice out there defending digital freedom,” she said.
I hope that the panellists at the @indexcensorship #snooperscharter debate are right that the committee are learning fast! @julianhuppert
— Paul Bernal (@PaulbernalUK) October 18, 2012
The joint committee on the bill is due to report on 30 November.
Any extension of state powers of surveillance are — rightly — hotly contested. The current Data Communications Bill is no exception. There are problems with this bill — but maybe not the ones you’ve heard of.
Almost universally, it has been labelled the ‘snoopers charter’ by its opponents, representing an enormous encroachment of state spying into the lives of innocent citizens. Journalists are outbidding each other in their vitriol toward it, usually calling on Orwell. One example from many is Index’s Mike Harris in the Independent: “This proposed scale of state surveillance will add the UK to the ranks of countries such as Kazakhstan, China and Iran.”
This, to me, is misleading. Yes, China, Iran, and Kazakhstan use “Deep Packet Inspection”, which this Bill proposes. But we also bug citizens’ homes — far more intrusive. What matters is the way it is regulated. There is a difference between governments that pass surveillance laws through a vote of elected representatives of those that will be monitored, and governments that do not.
Nor is it about mass surveillance by the state. This Bill is asking/demanding/paying communications companies to collect and retain data on the existence of people’s communications for 12 months, so that in the event that a request is made for that information, it is available.
Crucially, the state only accesses this information when a successful application is made through the existing Regulations of Investigatory Powers Act 2000. This does not include the content of a communication — which has to go through a more stringent process of access. In that respect, not so much has changed, because this all happens already, it’s just that rather often, the information the police want is not there. (And in case no-one noticed, little brother is already miles ahead of what Big Brother is doing.)
That is not to say that the bill is perfect. Four changes would improve it considerably.
First: clarity. All infringements on our civil liberties need to be based on some kind of public understanding and consent that the measures being taken are proportionate and necessary. But the Bill is vague, the technology complicated, some specifics necessarily secretive. Is should be far more explicit: this would allow for at least an informed debate about whether the measures proposed are necessary and proportionate.
Second, given the value of the Internet to the economy and society (something RIPA is pledged to defend); and the potential misuse of modern technology – including the difficulty of splitting content from communication — only the very strictest system of oversight and redress will do here. More is needed.
Third, the root of RIPA is that the more serious the intrusion, the fewer agencies can do it, and for fewer purposes. RIPA makes a distinction between content and communications data — the latter being considers far less intrusive, and so much easier to obtain. But when RIPA was passed, communications data used to be mainly be about who you phoned and when. Now it means what websites you visit, where you are, and whom you email. Therefore a new category for this ‘use’ data may need to be created. The authorisation for accesses should be higher than the current bill proposes, but lower than the Home Secretary signing if off, as with content intercept, ideally a warrant from an independent magistrate.
The final problem troubles me most. It is now far easier for the state to access personal information that we citizens happily put into the public domain. Twitter can be mined in real time, open source Facebook groups can be monitored, networks and relationships contructed: all outside the RIPA legislation. None of this is mentioned in the new bill — but I think it is this that worries the public and many journalists. As I argued in #intelligence this type of widespread, mass social media monitoring needs to regulated, limited, and put on a legal footing. The bill is a chance to tackle this tricky problem: otherwise it could make the current furore seem like a minor skirmish.
Jamie Bartlett is Head of the violence and extremism programme at the UK think-tank, Demos, and Director of the Centre for the Analysis of Social Media. Follow him @JamieBartlett
In Britain, the government is proposing legislation (the Communications Data Bill) that will grant the Home Secretary the power to blanket retain data on every citizen for an undefined purpose. It won’t require judicial approval — but potentially every text message, every Facebook message, every phone call, every email from everyone in Britain would be stored on behalf of Her Majesty’s Government. If the Bill passes, companies will have to collect data they don’t currently collect and the Home Secretary will be able to ask manufacturers of communications equipment to install hardware such as ‘black boxes’ on their products to make spying easier. This proposed scale of state surveillance will add the UK to the ranks of countries such as Kazakhstan, China and Iran. This total population monitoring would break the fundamental principle that a judge and court order is required before the state invades the privacy of its citizens by holding their personal data.
Conservative MP Dominic Raab talks to Mike Harris about civil liberties, free speech and how he “wouldn’t lose any sleep” if the UK’s communications data bill were canned
(more…)