Thursday, 3 January 2013

Getting to Know You

Theresa May wants the power to track everywhere you have been the past year, everyone you have spoken to and emailed. Don’t worry though she won’t use it on you. You may already be aware of this since she kindly outlined her proposals in the Draft Communications Bill (known commonly as the Snoopers Charter) back in June 2012. The fact that this horrendous piece of legislation made it to the draft sage is astounding. Aside from private security service backing there is no visible support for the proposals. Even Nick Clegg and Davis Davis are opposed. The last bashing it received was from a Parliamentary Joint Committee which stated that current safeguards were adequate and that if the Home Secretary wasn’t going to use the new powers then why ask for them?

Not deterred by this Mrs May did what David Cameron did when he had no support over the UK Porn Filter, she went to the tabloids (again). Not convinced we should keep logs of all your digital actions? Here’s a picture of Ian Huntley. What about now? Here’s a picture of the bus blown up on 7/7. Now?

How could the Act prevent these crimes? The Act states that the police and UK security services find it too time consuming to approach various providers of communication service providers (such as ISPs, email hosts and telecoms providers) with the correct authority to get the data they need. They also take time in processing that data into meaningful information to help them with their enquiries. It states that these providers must hold this information centrally in an accessible place for 12 months. Those who can access this data include the police and security services, the Home Secretary and other public authorities (with consent for the Magistrates Court). That's right, Theresa May is trying to pass a law which allows her personally to request communication and location data on anyone in the UK without their knowledge.

At the moment you mobile telecoms provider stores the location of everywhere you have ever taken your mobile in raw data. It stores the reception you have from each mobile mast which can be used to triangulate your position. Your mobile phone uses this same data to work out roughly where you are without wifi or GPS on. It was this data that was used to exposed Ian Huntley’s initial alabi since he said he was many miles away. This data is quite rough though. In the Ian Huntley case officers had to retrace the victims’ route with a mobile to confirm that the data match the victims were vicinity of Ian Huntley. For more information on mobile tracking I highly recommend this TED Talk.

ISPs hold connection logs in a multitude of different ways again completely unprocessed. The Act would seek to have this information as easily accessible and as preprocessed as possible. They don’t want a text file with the connections your computer made they want a list of websites you visited. They don’t want a text file with times and signals strengths, they want a map with where you were when and they don’t want to have to go to a magistrates court to get it. Technologically this is very complex” and “expensive” to achieve. It’s these kind of assumptions that have led Google to call it “very difficult” and Jimmy Wales of Wikipedia to label the authors "technologically incompetent".

Theresa May in defending these rights said that these measures will “NOT target ordinary people” only criminals. By collecting centralised information on everyone how are they only targeting criminals? Surely only collecting information on criminals is a better way of only targeting criminals? This is similar to the classic Stazi anti-privacy argument that “if you have nothing to hide then you have nothing to fear”.

This argument at first sounds compelling until you relate it to your own personal privacy concerns. Why have you put a lock on your bathroom door and a frosted glass window so that no one can see in? You must be doing something immoral otherwise you wouldn’t need to hide your actions.

Clearly there is a difference here between privacy and secrecy. It’s probably no secret what you do in the toilet but you still have a right to privacy doing it. The same can be said for every action in your life. Every digital action you take being recorded is unnerving in the same way as a camera watching every move you take. The fact that probably no one will ever watch the recorded footage of you on your own trying the Gangnam Style horse dance and tripping over doesn’t take away shame that you feel after it happened. In fact with the camera there you probably wouldn’t do it in the first place. As crude as this metaphor is the point hopefully made is that the act of surveillance or even implied surveillance changes behaviour even when there is no wrong doing.

The act of collecting this information in an accessible place is a danger in itself. By making it easier for the police you are also making it easier to steal. Under the act the data is still held by the providers as it is now, the difference is that it’s a lot easier to use. Say your ISP gets hacked, do you want a year’s worth of all your internet history (including private browsing) to be dropped on to a public website against you real name? Although I’m sure that there will be some good security in place, you know like what Sony used when all PS3 subscriber payment information was stolen and made public or when LinkedIn had the same happen with a couple of million passwords. If hackers stole ISP information today all they could get (aside from payment details) would be IP (computer) address logs which would be very difficult to trace.

Another assumption that is made is that this will help catch more criminals. Theresa May outlined the Ian Huntley case as an example. Someone should inform Mrs May that Ian Huntley was caught. Not only that, he was caught quite quickly under existing legislation before any more harm was done. This law could not have prevented the Soham murders.

Don’t you think that maybe criminals might hear this publicly available news and change how they operate? They may be less inclined to search “how to kill the prime minister” in Google and take their phones out with them when they go out to commit crime. The “permitted purposes” for these searches are extremely vague and include for “public health reasons” and in the “interests of the economic well-being of the UK” aside from the obvious “national security” concerns and remain valid and secret even is nothing incriminating is found. In the Act the test for using your data is not criminality. If only criminals are the target then why are public health, safety reasons and economic concerns listed as permitted purposes for search to take place?

This lack of focus in the draft lends credence to the slippery slope to authoritarianism argument. Let’s ignore the fact that only states like China, Iran and Kazakhstan employ such measures and look at the fact that permitted search purposes also include the detection and prevention of crime. Let’s also ignore the fact that you could argue that you need to look at every UK citizen’s information to detect crime and still fall within the legal limits as the act stands. The police could easily use these powers to track Occupy protesters and build a database linking everyone together. If there are only six degrees of separation between everyone on the planet then there are a lot less between you and someone of interest to the police.

Say the police ran searches on your mobile movements because someone who they were investigating made a number of calls to you and they wanted some background information. In the doing so they uncover unconnected information that points to you being wrongly arrested 6 months ago after you were incorrectly identified in some damage caused during a march/protest. Do you think they will be inclined to investigate this? Now swap it around. In the search they find some information that points to you being involved in the damage done. Would they ignore this just because it is unconnected? This is a very large threat to any form of protest. The worry that digital spotlight may be cast you away and uncover something potentially incriminating even if unconnected is a deterrent from action.

With only the police at the helm of these searches only arrests matter. There is no balance of power, no one standing up for the individual’s rights. Under the current legislation there were nearly 500,000 requests to communication service providers (CSP) in 2011 for information. Of these around 1000 were erroneous. 80% were done without the correct authority. 2 people were wrongly convicted due to typos in the request for data. That’s right, two people went to jail because when the police requested data from the CSP they gave the wrong information which meant the CSR handed over the wrong person’s details. Since it’s clear Theresa May is searching for “paedos and terrorists” imagine the damage being wrongly arrested for either would do to someone. You might want to think about better security on your router.

During a time of austerity and cuts surely the Government has something better it can do with the £1.8 billion this would cost.

If you are interesting learning more you can read the Communications Bill here. The Open Rights Group has a number of groups around the country that meet to discuss how to educate others and oppose such proposals.

No comments:

Post a Comment