UK net super-snooping clashes with Euro privacy law - expert New legislation that would enable a UK intelligence agency to monitor data from internet communications in real time without a warrant could be challenged at EU level unless other privacy safeguards limit the scope of that monitoring, an expert has said. The Government confirmed its intention to introduce new laws on the use …
If I were a GCHQ analyst, one thing I might try would be to get hold of a massive anonymized chunk of the traffic archive and start modelling it. I might look to neuroscience for an example, and split the dataset in two so I had 50% of people in each half. I'd also want (maintaining anonymity at all times of course) some outcome data. If I were interested in success, I might want the level of wealth, or some other level of achievement. If I were interested in badness (more likely) I might get all the forensic data. Now, I'd use some of those lovely pattern matching techniques to train up a model (support vector machines are used in brain imaging) of the relationship of traffic data to outcomes, using the first half of the dataset. Then I'd see if I could predict the outcomes in the second half using my model.
Then I'd go to my boss and suggest we asked for some live data.
Have I somehow woken up in April 2010 rather than 2012? Did we not have an election two years ago where both the now coalition partners fought against Labour's plans for blanket internet surveillance. and cropping up again in today's news; secret trials and inquests?
I can only think that agenda is still being set by the Whitehall mandarins rather than the politicians, who on the issue of the internet seem to be under the impression that they can create a google.gov.uk where a search for "terrorist or criminal" spits out a nicely sorted page of suspects and evidence. It doesn't work like that, and it will never work like that.
Anyone wanting to make their phone calls, emails and web browsing habits invisible to the authorities can do all of this by using a VPN end point server located in a country whose privacy laws and enforcement they have more respect for. There are good and bad reasons for this, e.g. a foreign business may legitimately be concerned about leakage of trade secrets to competitors who bribe local police and pay local PIs. In the case of criminal reasons, this is a bit like the way leaving fingerprints at the scene of a crime is optional.
Those looking for lesser levels of protection can use private systems for most of this instead of publicly provided ones. Private systems, such as my email server (mine is currently located in the UK, but would be easy to move) are not affected by this legislation. I've never had police asking for real time access to my mail logs and it would cost them a fortune to get this data securely from anyone other than the very biggest fish in this ocean. All others data requests will involve delays in obtaining warranted access through the relevant system operators.
Given the facts that:
a. spies will continue to spy because that's their job,
b. this job isn't going to go away anytime soon, and
c. if they are paid by our taxes for tracking organised crime, terror suspects and paedos, they are likely to want to do be able to do this job without risking criminal prosecution.
It follows that we can't avoid the need for legislation which makes it equally as easy and as difficult to get the same level of communications data from those who use Skype as from those who use BT. The same applies to other messaging technologies. How easy and difficult, and what data is now up for debate, but not whether legitimate surveillance should occur or be regulated by law, or the principle that the level of state access to messaging data should be technology neutral, recognising that practical and cost issues will introduce different procedures, feasibilities and delays.
When the RIPA was passed, the Labour administration was in control freakish 9/11 mood and there there was little or no debate over it. This whole steaming pile was rammed down our throats and Labour MPs were too lily livered to contest the worst parts of it. Some of the worst parts of it were reserved for 'introduction at a later time if needed' to come into force by executive order, and the time of these orders inevitably came and went, but with no justification of increased threat level provided, with no limited duration, and with few people noticing these uncivil denials of liberty coming into effect.
Given the nature of coalition politics this will now have to be extensively debated and discussed before a parliamentary majority can be obtained. So instead of running around shouting that the sky is going to fall down, it makes more sense to see this as an opportunity to get rid of some of the worst aspects which should never have got into the RIPA in the first place, in particular the requirement to handover cryptography keys or decrypt data on request by plod.
Indeed. One of the good things that could come of this is the requirement for the warrant currently required under RIPA being changed so that the warrant (sealed if necessary but provably existing nonetheless) comes from the judicial system (e.g. a judge) rather than from a politician (the Home Secretary). IMHO, poilticians are neither qualified or capable of making the correct judgment on this. This is especially true of home secretaries who, in recent history at least, seem to be the worst of the lot. It is the job of politicians to pass legislation but it categorically should not be their job to enforce it. The concentration of power in one place in this way can only be bad.
In other words, by all means, allow the security services to monitor communications where necessary. The necessity of the monitoring should not be a political decision, but a judicial one. It should have oversight and an audit trail.
We should also be wary of definition creep in terms of what falls under the remit of the security services and what is handled by the police. Only real threats to national security such as genuine terrorist plots are within their remit. Catching sex offenders, people smugglers, counterfeiters etc. etc. should fall squarely within the remit of the police who require proper non-secret warrants from a judge to tap communications and search premises.
I am reminded of a RIPA-related conversation between myself and an unnamed Home Office type some years ago:
Me: To release protocol- or content-data I will of course need to be formally served with a warrant or summons.
Them: That's how it will happen.
Me: How will I know that the request is valid?
Them: It will have the signature of a senior Judge, or the Home Secretary, on it.
Me: OK, please provide me with copies of the signatures of all senior Judges and the Home Secretary, to be held on-file for validation purposes.
Them: <<silent, vacant expression of having unexpectedly been hit round the head with a dead fish>>
I'm still waiting.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
