"What does the UK Home Office think they want to do, and why do they think they want to do it?" The question was a recurring theme at Scrambling for Safety 2012, a conference to discuss the mooted new powers for the "Surveillance State", swiftly arranged in the wake of April's media furore. Academics, MPs, lawyers, journalists, civil libertarians, ex-police officers, a smattering of technologists and industry representatives plus a few people who seemed to know RIPA like the back of their hand, gathered at the LSE to piece together what was known about the inchoate legislation often referred to as CCDP (Communications Capability Development Programme).
Although several common themes emerged, there was a general worry that the people in the room understood the issues far better than any permanent staff in the Home Office. We can only hope that there were some civil servants paying attention in the room as well as politicians. Conference video and other blogs are already available via the SfS link, and Ross Anderson provided a blow-by-blow account, so I'll just add my reflections to some of the points of agreement about what we think they think they want and why, and various legal, ethical, technical and economic objections to it.
Gus Hosein of Privacy International kicked off with a historical overview of interception and surveillance in the UK. (Under RIPA, the Regulation of Investigatory Powers Act, interception is about content of messages, and surveillance is about "communications data" such as sender, recipient and time of a message and subscriber data, also known as metadata. Interception requires a warrant and the evidence is not admissible in court, while surveillance merely requires the judgement of a senior police officer.) It's clear that despite ministers' protestations that they propose merely "maintaining" the status quo in the face of new technology and "preserving" and "updating" capabilities, these are whole new classes of data that may be subject to snooping and "deep-packet inspection" (DPI) without a warrant. Gus reiterated that the "central database" idea had already been dropped under Jacqui Smith. Of course that's true, but you wouldn't think so to hear coalition ministers desperately trying to find something placatory to say. And as the powers are extended further and further, justifications have gone from saying it's "only" access to data that's stored by ISPs/CSPs anyway, to storing it for longer; to retaining data that wouldn't be retained; to whole new areas of data that ISPs wouldn't otherwise generate; and now possibly to collecting, correlating and processing it (in "real time" even).
So any claims that this is in principle nothing new, because we've had RIPA for 12 years, are simply wrong. The state, or law enforcement, is always demanding more intrusive data, and the fact we're conducting more of our lives online makes that data more sensitive, not less.
(Some in the audience, however, felt that invasion of privacy was not as good an objection as economic and practical arguments, given the general public's propensity to give away private data to Facebook and Google. My view is that while it's true that the world has moved on since wiretaps, such that technology including encryption and onion routing may make it near-impossible to intercept everything going down a wire even for national security, just as you can't bug every possible location, you can't compensate by paying ISPs to turn the internet from communication services provided for their users, to a mass surveillance system for spying on them.)
Shami Chakrabarti of Liberty was on the first panel. I can't help but be a bit critical of her organisation since it stopped being NCCL nearly 20 years ago, because it seems to have been so unsuccessful in defending our liberties and rights (for example, right to peaceful protest inside a private building); because of suspicions of it becoming closer to the powers-that-be than to those at the sharp end; and because of a lawyerly concentration on human rights rather than civil liberties (my example of this nicety is that a right to education as in Article 26 of the UDHR is an enabling right, while being able to drink alcohol on a bus is a liberty but not a right, and freedom of expression is both).
However, I can forgive them for doing little for freedom in the electronic sphere since we effectively now have a specialist group for that, and Shami did as so often make an impassioned case. This time it was for how privacy was essential to fundamental principles like the secret ballot, consultation with lawyers and representatives and protection from discrimination, but also to basic human intimacy and trust. One point of shared concern was how "the Home Secretary" whoever it was seemed to be rather irrelevant, as policy was driven by advisers and civil servants like Charles Farr (head of counter-terrorism and reputed former MI6 agent) regardless of who the elected representative was. In fact "civil servant" and "adviser" seem inappropriate terms when policy and legislation seems to be dictated by the security services rather than anything remotely democratic. Blanket surveillance is disproportionate, unnecessary, unethical and illegal. There is already too much data retention, and the EU data retention directive is being challenged as a violation of rights for instance in Germany. Does Theresa May believe "there should be no unwatched space, online or offline"? The logic would lead to putting a monitoring device behind a wardrobe in every bedroom in the UK.
Perhaps, I suggest, the panopticon (the prison with universal visibility) is not just a campaigning metaphor, and comparisons with George Orwell's 1984 are not overstatements after all. In 1984 the state (embodied as everyone's Big Brother) monitored every citizen through the "telescreen", a television and camera combination that doubled for propaganda and surveillance. Now televisions never had cameras fitted, but increasingly internet-enabled devices do, and our political and personal actions happen networks that are being asked to look out for "thoughtcrime".
Next up, with some actual legal and technical facts, was Professor Ross Anderson of University of Cambridge Computer Laboratory and chair of FIPR. He recalled the pressure in the 1990s over key escrow, the evolution of the supposed distinction between sensitive content which was a privacy issue, and surveillance of traffic data in which the police wanted to include every web search. In reality much traffic data such as who you're talking to on Facebook are now often specially sensitive. Ross made the point that senior civil servants are technically clueless. (From hearsay, their statements do give a strong impression of ignorance of the basic principles of electronic communications.) The Home Office doesn't have significant expertise of its own and so buys it in from outside including those who are in the business of selling surveillance hardware. He didn't need to say how dangerous this situation was, worse than a typical "revolving door" problem of government consultants. His conclusions agree closely with the research of Eric King at PI, who monitors the way the vendors of hardware espionage "solutions" sell their products (including at DSEi) to places like Syria and Iran. Unfortunately, these manufacturers are looking to expand that market.
Ross talked about what they are trying to sell, perhaps the 10,000 "black boxes" (probes in the network) that had been rumoured, which would give access to content not just metadata, since an internet packet is generally a mixture of both and it would have to pick up all of them. If you filter out broadcast content like iPlayer, increasing hard drive capacities mean it is possible to store everything going over the net, as India already does (they also have probes at the national boundary allowing people to see email as it goes past). BT already has capacity to do DPI (deep-packet inspection) of 100,000 circuits; this would mean about five extra data centres and paying BT about £2bn to rebuild their network, and a £200m hardware contract to Chinese manufacturer Huawei (who annoyingly call one of their filtering systems "GreenNet"). £2bn is really just initial outlay; a later expert speaker has written of extensive maintenance and administration and a total cost over time of £12bn. Among other things, this means a competition issue giving near-monopoly providers more control and making small and medium-sized ISPs unable to compete; "undoing Thatcher's good work" was a line that appealed to Conservative MP David Davis on the same panel. In any case, traffic is getting harder to monitor because of encryption (TLS/SSL/HTTPS), and the way such a system would only trap those people who think they have nothing to hide is likely to mean that it will be abandoned on practical grounds. However, there may be a later threat of private or secret arrangements with some companies like Facebook (others might refuse), and a question over how these could conceivably be regulated. (Note that later speaker Prof Korff points out that voluntary arrangements and codes cannot override human rights.)
Dr Julian Huppert, LibDem MP from Cambridge, comes over as concerned at these issues and worried that the majority of civil servants and his fellow politicians wave stuff through with no understanding. They conceive of a Skype call as equivalent to a phone call without stopping to think whether there are technological differences that mean that quite distinct principles might apply. Both understanding of civil liberties and technical issues are important, but MPs were offered basic training in scientific issues and fewer than a dozen turned up. Dr Huppert echoed that an additional problem was that every Home Secretary was "captured" by the security services in time, which and the home affairs select committee is calling Theresa May on Tuesday 24th at 12.30 to find out what is happening. (In the event, May refused to answer Dr Huppert's question about the "technical detail" of whether plans include decryption and black boxes, made precisely the same errors over Skype and "maintaining capability" again, and is probably going to be invited back for another session.) Liberal Democrat policy includes "ensuring that service providers are not mandated by law to collect third-party communications data for non-business purposes by any method", and the coalition agreement promised to end data retention without good reason: we'd seen no good reason. There was also a commitment to scale back the scope of the EU Data Retention Directive towards privacy. Dr Huppert observed that current safeguards on traffic data are too weak, and agreed access should require some kind of warrant from a magistrate. (Some RIPA cases like dog fouling hit the headlines and have been addressed in a rather narrow way.) He was more reassured than I would be by his leader's promise that legislation would be presented as a draft before being introduced in Parliament (just keep that promise, please).
Trefor Davies, CEO of wholesale/business internet provider Timico, the only "industry" figure on the panel, owned up to not being told anything about the practical project specifications yet (it sounds like the Home Office has spoken in very vague and modest terms to only 3 or 4 big ISPs, yet somehow the Home Secretary later claims there had been "considerable discussions with the industry"). He pointed out that larger providers did some automated inspection for traffic management, but the costs for smaller providers were prohibitive. Can it be done for £2bn? It is possible in China, but there is an undefined hidden cost not in the hardware, but in the implementation, such as in trying to make the data meaningful. He pointed out that there were many, many ways to circumvent interference in the network, and doubts the black boxes could effectively defeat encryption, thus driving more and more people to anonymity.
David Davis, former shadow Home Sec, was the second MP to speak, and felt waiting for 600 or more MPs to understand the issues was futile - a favourite quote of politicians is Adlai Stevenson's supposed response to a supporter's shout "all intelligent people will vote for you": "That's not enough, I need a majority." This is an issue of poor government, ignorance and fear, and one problem is that ministers have no experience of terrorists and in the absence of other advice, believe whatever the security services tell them. His additional reason for privacy, transparency, cited 16 anonymous whistleblowers in the Damien Green case, all of whom would have been sacked if their communication data were accessible. There were also data-mining "experts" keen to see what they could do with huge amounts of personal data; this would generate enormous numbers of false positives (i.e. miscarriages of justice) and a "hoovering up" of ordinary people, while missing sophisticated attacks. He laid claim to getting CCDP dubbed "snoopers' charter" (in my opinion, pretty accurate), and made a good point that in the past surveillance has been self-limiting by requiring manual tapping of wires and so restricted to areas of genuine suspicion.
Less than three years ago, David Cameron said
Faced with any problem, any crisis – given any excuse – Labour grasp for more information, pulling more and more people into the clutches of state data capture… And the Government doesn’t want to stop with the basic information. They want the most complex, important, personal information there is… Scare tactics to herd more disempowered citizens into the clutches of officialdom, as people surrender more and more information about their lives, giving the state more and more power over their lives. If we want to stop the state controlling us, we must confront this surveillance state.