This is a slightly longer version of an article I wrote for The Times last week about the UK Government’s proposal for industrial internet surveillance: the ‘snooper’s charter’. The following day, the Government announced it would NOT be putting the bill forward in the Queen’s speech but it still remains very much a live issue.
Don’t let the State spy on us by the back door
The Times, April 3, 2012
Proposed new laws would give powerful officials instant access to people’s internet data
It used to be that running a police state required a tremendous outlay of resources, from hiring watchers and informants to the central collection and storage of paper files. As we move our lives on to digital networks, we create a handy one-stop shop for the nosy official.
It is simple for governments to eavesdrop on our digital communications. They don’t have to store the data; they just go to where it’s collected – internet service providers (ISPs), social networks and telecoms companies. One simple step takes the State’s ability to spy on its citizens to a whole new level.
[We may hope our democratic principles would protect us from the sort of industrial internet surveillance practiced in China, Iran and other autocratic states. However, this government’s proposal revealed yesterday reveals a plan to rival China.]
Intelligence agents can already tap into our online communication and data where there are reasonable grounds for doing so. The Regulation of Investigatory Powers Act 2000 (RIPA), extended in 2003, allows not only the police, intelligence services and Revenue & Customs officials, but many other organisations, including local councils, to access telephone records, e-mail and internet activity.
That we have no idea how often they do it or for what purpose is an indication of the lack of supervision in this area.
There are three officials in charge: the commissioner for interceptions, the commissioner for the intelligence service and the chief surveillance commissioner. Privacy International has dubbed them the Three Blind Mice for the laxity of their reports and their failure to issue robust sanctions against improper or unauthorised snooping. They refuse to say how many national security intercepts are authorised on the laughable grounds that even to disclose this would be a danger to national security.
At present if UK officials want a user’s data from Google, they must make a legal application. In the first six months of last year, Google received requests for 1,444 users’ data, but only agreed to 63 per cent of them. Similarly, if agents want access to a Twitter user’s data they need to supply a court order to the American company. In a few cases, Twitter has challenged secret court orders so the user can challenge the request. Privacy researcher Chris Soghoian told me there are likely tens of thousands of secret 2703(d) orders made annually by the federal government under the Electronic Communications Privacy Act.
The new legislation on data access to be announced in the Queen’s Speech would do away with all this. Instead it would require all ISPs and social networks to build a “back door” into their systems – effectively a portal through which the State can instantly access all user data. It allows snooping in real time.
Such a system was first proposed by the FBI in the 1990s when telephone companies were building digital systems. The companies opposed it for reasons of cost and design, but the Clinton Administration sweetened the pill with $500 million of public money and successfully lobbied Europe to follow suit. Because of the Communications Assistance for Law Enforcement Act (CALEA), all the world’s leading telecommunications companies now have interception “back doors” built in as standard.
Whether this has made us safer is debatable. But one proven consequence has been to provide intelligence services in Egypt, Iran, Tunisia, Libya, Bahrain, China and other autocratic states with a handy tool to monitor pro-democracy protesters and political opponents.
That was almost certainly not the FBI’s intention when looking for ways to catch criminals, but good intentions matter little when the result is a concentration of power. When this involves the more secretive arms of the State, such as the intelligence agencies, we should be particularly worried.
In the 1990s civil liberties campaigners joined forces with IT entrepreneurs to argue successfully that forcing interception technology on to the burgeoning internet industry would kill it. The Clinton Administration agreed.
However, almost as soon as the law was passed in 1994 the FBI and Department of Justice began lobbying to extend it. In 2005 they succeeded in adding broadband and VoIP (Voice over IP) providers. By 2011 their goal was to have surveillance back doors in all forms of internet communication, including Facebook, Google, peer-to-peer messaging services, and encrypted communications such as BlackBerry e-mail. Rather than setting an example for the world on citizens’ rights against the tyranny of the State, the US and UK governments appear to be taking their lead on internet policy from regimes such as China.
And there may be worse to come. In September 2013 the US National Security Agency will open a new mega spy agency. The purpose of the Utah Data Centre, as described by James Bamford in this month’s Wired magazine, will be to “intercept, decipher, analyse and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks”.
Surveillance must always be done within the constraints of laws protecting citizens’ rights. These exist for a very good reason – to act as a check on the considerable power of the State. We have plenty of evidence from elsewhere in the world of what happens when that disappears