On Twitter: @JamesFirth and @s_r_o_c (post feed)

Got a tip? tip@sroc.eu

Tuesday, 3 April 2012

'Maintaining' 'lawful' intercept capability

20 years ago I was a member of a social network. It was called the pub and it enabled like minds to interchange small talk, gossip and express political opinions.

I was also a member of a video-on-demand service called the video shop. At short notice, I could decide which film I wanted to watch, beg my Dad to lend me the car, and within 20 minutes there was a good chance I would be back home with a film to watch.

There was electronic mail, of sorts. I'd type letters on my Commodore Amiga, print them out on my new Canon BJ10 Bubble Jet printer, stuff them in an envelope, address it, stamp it, and stick it in the post box.

My newspaper was delivered by me, the local paperboy, and the only record kept of which paper I read was a hand-written delivery diary at the family-run shop where I worked part time.

When the Government talks about 'maintaining' interception capability they conveniently forget that the capability to monitor 'endpoints' - who talks to whom - never existed for most everyday interactions until very recently, when so much of our everyday activity moved online.

Now my social network is called Facebook and the Government wants to invent the capability of seeing who I write to, who everyone writes to, despite the absence of suspicion.

And, if suspicion should fall on you, they want to be able to see everything you do - in fact they can do this already, but that's another story and there are reasonable but secretive safeguards to help prevent abuse.

The new plans for mass internet monitoring and surveillance go way beyond any capability any government ever admitted to having before.

The information available without a warrant will include which newspapers I read online, which films I watch online (if URLs are to be captured, as rumoured) and everyone I communicate with - whether or not I am working as a journalist with an obligation to protect my sources, or working as a counsellor in sensitive areas, or organising a lawful political protest.

The Home Office insistence that these plans are maintaining a capability which is lawful today is a claim built on strata upon strata of sand.  Sand that the Government previously laid in the gradual erosion of our privacy because the internet has made it possible to gather so much more information than was previously available without  a large-scale surveillance operation 20 years ago, when most transactions were conducted in person.

It was decided that access to traffic data was not 'intrusive' back when many telephones still had a rotary dial.  Traffic data was collected as a necessary part of running a telephone network.

Now, to access what Home Office lawyers claim is a modern equivalent, networks need to be monitored with specialist software.  All internet activity needs to be intercepted in order to extract this context-sensitive notion of traffic data.

The lines between interception of content and traffic data are now so blurred they are useless.

We have moved from passive access to data already collected as part of running the network to active and intrusive gathering of new data not otherwise needed.

And this is being justified by reference to a layer of sand previously laid by the UK government when it lobbied Europe for the Data Retention Directive, forcing selected ISPs to gather and store some - but nowhere near all - of this data, just in case it needs it later.

Instead of making flawed analogies between online activity and the public switched telephone network it's time to rethink the boundaries where monitoring becomes intrusive.

It's intrusive to watch what websites I visit, who I message and where I'm located the vast majority of the time, unless perhaps when there's evidence that I'm suspected of a crime.

We need to stamp out a few government myths right now. Their plan to watch everyone, just in case someone does something bad, is disproportionate, of questionable legality and in no way maintains an existing capability.


No comments:

Post a Comment

Comments will be accepted so long as they're on-topic, do not include gratuitous language and do not include personal attacks or libellous assertions.

Comments are the views of the commentator and not necessarily the view of the blog owner.

Comments on newer posts are not normally pre-moderated and the blog owner cannot be held responsible for comments made by 3rd parties.

Requests for comment removal will be considered via the Contact section (above) or email to editorial@slightlyrightofcentre.com.