/ Technology

The government’s net-snooping laws – a step too far?

13
Eye with globe image in pupil
Profile photo of Gus Hosein Gus Hosein Executive Director of Privacy International
Comments 13

The government’s due to announce new legislation that will allow the police to monitor all of our online communications. In this guest Conversation, Privacy International argues that this is a step too far.

At Privacy International HQ last week, we were receiving frantic calls from our advisors and colleagues across government, industry and human rights groups about rumours of new legislation in the UK being considered for the next Queen’s Speech.

The Home Office wants to establish new ways of spying on our communications and internet activities in order to prevent, detect, and investigate crime and terrorism.

‘Something must be done’

The idea of a ‘modern’ surveillance law was first floated by the Labour government in 2008. Their line of argument was as follows:

1. When BT ran all the networks and we all used landlines, the police could get access to who it was we were calling and when, and our location at the time..

2. When internet service providers and mobile phone companies came along, this allowed the police to access new forms of information held by these companies: who we were emailing and which websites we were visiting.

3. But the internet doesn’t work like way anymore: people use Gmail rather than BT internet addresses, and people chat on Facebook as much as by text. This data no longer resides in the UK, but on servers all over the world. So something must be done to make it accessible to the British government.

When in opposition, senior members of the current government clearly stated, when this policy was first floated in 2009, that this form of surveillance was unacceptable. Now the same old policy is emerging, accompanied by the same old arguments.

The government’s original idea was to store all this information in a central government database. The last government abandoned this as being ridiculously complex and an invasion of privacy.

So they instead proposed to install technology at every internet provider and phone company that will intercept all your communications to pull out information about who you’re emailing, who your friends are, and a multitude of other pieces of information.

The UK would be the first democratic country to install such a system, but there are at least three reasons why others have not moved in this direction.

1. Intercept everything

This system would require the interception of every communication in Britain. How can the government know that you’re browsing a social network, reading the news or emailing a friend?

They would have to require internet service providers (ISPs) to interfere with each and every bit of communication to see what you’re doing and then compel ISPs to record specific notes on each interaction, and then store this for up to two years.

The current law on communications interception requires that a) a person be suspected of a serious crime, and b) a warrant be signed by the Home Secretary. Now everyone’s communication will be intercepted, without a warrant or indeed any judicial or executive oversight.

However, the police will only be able to get hold of the actual content of your communications with a court order; but will continue to get lightly regulated access to communications data, like who you’re talking to, where, when, and who are your friends.

2. Low confidence to keep our data safe

This would be the first time we compelled companies to collect information on innocent people that they would not normally collect for the purpose of doing business. Yes, the police can access our financial records and even our medical records, but at least these records exist for good reason: the functioning of the banking and healthcare systems.

This time, the government is asking internet providers and mobile phone companies to actively spy on the entire population of the UK.

As the Leveson inquiry is demonstrating, once information is collected it can be abused by others – the precise degree of police complicity in the illegal access to information remains to be seen.

And with regards to hacking, it seems there is a new story every fortnight on how some large corporate database or other has been maliciously hacked. This information, once collected, can never be adequately secured, no matter how many promises are made.

3. It would be too costly

At a time when the public sector is being subjected to stringent cuts and police budgets are being slashed, the government wants to spend billions on a system that is diametrically opposed to the public interest.

Do you really want your money to be spent on a project that will partially align Britain with regimes that conduct warrantless mass surveillance abroad?

Which? Conversation provides guest spots to external contributors. This is from Gus Hosein of Privacy International – all opinions expressed here are their own, and not that of Which?

Comments
13
Member
rich835 says:
3 April 2012

This is a difficult one.
Firstly, it would be a technological nightmare for ISP’s to implement this, I don’t see how they’re going to manage it wihout passing on the costs of such a system to their customers.

Personally, I have nothing to hide, so I don’t care if they want to record my activity. However, I would want to be sure that the system is monitoring me correctly and reporting the right things. I’m not sure that I would trust a system like this. For example, suppose I’m a reporter (which I’m not), but if I were, I might be investigating someone who I’m about to interview in order to prepare myself for the interview. In that scenario I could be be trawling search engines for all sorts of “dodgey” facts about the person. Would such searches show up on this system and then implicate me?
In the end, I suppose any flaws in the system like this, would eventually be ironed out.

On the other hand, I would be glad of such a system if a loved one went missing, and it helped the Police track down where they were. The benefits of the system in this situation would be priceless.
That possibility alone for me, gives the system a plus point for sure.

0
 |     Reply    Report
Share   
Member
Alistair says:
3 April 2012

Yes, all those terrorists will not be able to afford a postage stamp soon, so they will be e-mailing each other instead.

0
 |     Reply    Report
Share   
Member
Dean says:
3 April 2012

Why do they need these powers?

So they can say to News International that what they’re doing is legal?

Everyone has said all the snooping of recent times is wrong and the newspapers must be brought to justice. However, that has not happened, the government has either been told or coerced into just making their activities legal. We all know that the met/government/media are all bedfellows, this law will just give them the legal power to do all that they want.

Quite a precendent, clearly showing us that we do not live in a democracy

0
 |     Reply    Report
Share   
Member
jontycampbell says:
3 April 2012

For every way a govt can think of snooping on criminals, criminals find a way round it – criminals don’t use ‘flag’ words.

0
 |     Reply    Report
Share   
Member
nfh says:
3 April 2012

The government has clearly not considered the proposed legislation properly. It will be ineffective because those with something to hide already use methods that encrypt their communications. The general public who wish to protect the privacy of their legal activities will move towards greater privacy protection techniques such as encryption.
– Skype is a peer-to-peer technology that is encrypted at both ends by the client software. Calls cannot be monitored because they do not pass via a central server except for calls to conventional telephone numbers. The security services already know that terrorists switch to Skype when they require greater privacy.
– Many more people will start using Tor (“the onion router”) for totally anonymous web browsing. More UK volunteers will set up Tor exit nodes so that their own non-anonymous web traffic is indistinguishable from other users’ anonymous traffic.
– How will the ISPs monitor every web site visit? This will require interception of all port 80 traffic and implementation of transparent proxy servers. This will slow down web traffic significantly, as already happens via mobile 3G connections. Try bypassing your mobile network’s transparent proxy server and see how much faster it is.
– UK consumers with a wish to protect their privacy will use e-mail services hosted outside the UK. Although some popular services such as Gmail are hosted in the US, other jurisdictions closer to the UK such as Sweden and Germany enjoy much stronger privacy laws. If UK consumers switch to e-mail services hosted outside the UK, this will harm the many UK businesses who provide such services. The government should put the interests of UK businesses ahead of ineffective legislation to invade privacy.
– In order to protect their privacy, consumers will make greater use of e-mail encryption technology such as PGP with public and private keys.

0
 |     Reply    Report
Share   
Member
richard says:
3 April 2012

To me it is simple – When we are allowed to freely snoop on this so called “government” then they may have a point – but they refuse even when directed by the courts. Otherwise they are a hypocritical bunch of unscrupulous inept schoolboys with a built in U Turn mentality. They need removing from office – real social unrest is just around the corner. Social unrest is a sign of Tory mismanagement.

Anybody that wants to hide their e-mails will find a way,

0
 |     Reply    Report
Share   
Member
Nikki Whiteman says:
4 April 2012

Hi all, thought I’d post a quick update on this. The government has now said that these plans will be published in draft, rather than put in the next Queen’s speech. http://www.bbc.co.uk/news/uk-politics-17595209

Does this give you a different opinion on the proposals?

0
 |     Reply    Report
Share   
Hide replies ∧
Member
Gus says:
4 April 2012

This is an important development.

People are right to point out that there are significant technological challenges in doing what they propose. This is something that the LSE (and I) point out in 2009 and which are even more problematic today.

What’s important and essential is that we continue to have these discussions. I would never argue that these aren’t important powers for a government to have; but we need to discuss whether it is a good idea to implement it in the ways that they had foreseen. And there are many other forms of surveillance being done today that we need to identify and place under the rule of law, e.g. can the police hack your computers for good reasons? can they put malware on your mobile phone to capture your passwords? These are modern policy problems that need sophisticated public debate, not one based on Home Office rhetoric of ‘nothing to hide nothing to fear’, ‘paedophiles and terrorists’, or mere dumbing down of the policy by saying that it is ‘just about telephone records’.

I’m looking forward to this more informed conversation and public debate.

0