Thursday, 26 November 2015

Snooper's Charter 101 Please share

To all of the normal people that read my blog. I am sorry this is another post on that snooping crap, but do please read it. I'll try and get back to 3D printing daleks or something real soon.

There is a law that is being considered right now, and may be proper law some time next year.

You should care about it! You can help fix it!

It tries to update some of the existing laws, and make legal some of the stuff done by our "intelligence services". You know, James Bond stuff, except they don't just spy on our enemies (who exactly are they?) they spy on us as well.

It also tries to make some new powers to help the police. In theory these might help the police, and in general I am all in favour of helping the police, but it is not that simple.

Might be worth a small bit of history - phone systems. Originally they were a bit mechanical, and even had operators at the start. Charging for calls used a "meter" that clocked up units. That was it. But things got smarter and people understandably wanted to know where all these units of charge came from, so the phone companies started logging the calls you made and created the wonder that is Itemised Phone Bills. We kind of take them for granted now, but I am old enough to remember a time when we did not have them. This was all done for the benefit of the phone company and arguably their customers.

The fun then starts - the police realise that they can ask the phone company (there was only one) for details of phone calls made from a phone. In some cases this is really useful to some investigations. Later they were even able to ask about calls made to a phone, which is also useful. Of course, even before these itemised phone bills they could ask to "wire tap" a line so they could listen in. At one time this really meant connections to the physical line. This was for serious criminal suspects, obviously.

These days it has got more complex. There are mobile phones, and the police can ask where phones were (at least based on cell towers). As time has gone on, the technology to "snoop" on us all has improved a lot.

The big concern is where the line is drawn - how much snooping is too much, and there is a really big fear now that we are getting to that point. There is a bit of a clue when new laws actually have clauses to exclude MPs - even they feel that this would be too far for their comfort. The fact that someone knows the location of your phone, and hence probably you, every minute of the day for the last year is a tad scary.

Where do we not have privacy?

When we are out in public, we expect that the public can see us, and hear us, and know where we are.

This is usually that we only expect a few people can see us, but they can tell others, so overall the idea that there are cameras all over the place is no huge surprise really.

Basically, we don't have an expectation of privacy, that is what "being in public" means.

The laws on photography are also quite clear - as a photographer I can take a picture of pretty much anything and anyone from a public place - I am just recording what I myself am quite legally allowed to see. (Yes, there are a few caveats on that, but not the point here)

But where do we expect privacy?

When we are at home, or pretty much anywhere behind closed doors, we expect privacy.

Now there are those that say "if you have nothing to hide you have nothing to fear", which is, to be frank, bullshit. None of those people want a public web cam in their toilet or bedroom, strangely enough, and they won't tell me their card details and first pet's name either.

So, I think we can agree that whilst some things we do are not basically private where we have no right to privacy, there are places where we can go and things we can do where we expect privacy and to be quite frank we are entitled to it.

So how does this new law cross the line?

These days when in private we may use of technology a lot - phones, computers, TVs, games consoles, and all connected to the Internet. What we do on the Internet says a lot about us.

Now, with phone call records, the content of the call is not logged by the phone company. Unless you are a targeted suspect of a serious crime your calls are not being tapped, or at least should not be.

The problem is that what we do on the Internet is a lot more revealing about us that what phone calls we make. Privacy International have loads on this (here) and a great video on metadata, which is supposed to be the what, when, who, how, but not the content of what you do on the Internet.

The new law wants to collect a lot of this metadata about all of your Internet access. What is worse is that they want your Internet Service Provider to collect it and store it for a year and make it available to the authorities if they ask. Do you trust that your ISP will not get hacked? Even if they are pretty good now, they will become a juicy target for hacking very soon.

Don't they need this to keep us safe?

There are bound to be cases where knowing everything about everyone can help stop a crime, and if that is what you want then we really should go for cameras in your toilet and bedroom. There is a trade off to be had between the rights we enjoy, the way of life we want to live - with that degree of privacy, and with keeping us safe.

But let's try some facts here shall we...
  • Terrorist attacks, one of the main justifications for all of this, remain one of the lowest threats to your life. There are way more people that died from suicide because of changes to the "Fit to work" assessments than died in recent terrorist attacks in Europe. The justification is scaremongering and bogus. Let me be clear - I do not need protecting from terrorists! What I need is protection from heart disease, cancer, and car accidents.
  • The recent terrorist attacks did not lack this data - they had suspects and even had people under surveillance - the area we need to focus on is not "getting the data" it is what we do when we have it. In fact, having more data will make things harder.
But it gets worse - the Internet is just not like the phone network, and the logs they want don't exist. What logs they can get are likely to be unhelpful (they seem confused that a phone does not just connect to twitter, but actually stays connected all day every day). And over time they will get less and less data as changes in the Internet make it more secure (to combat criminals).

It is also true that criminals can cover their tracks with ease. Simply using secure messaging systems like iMessage, but with a bit of googling you can be way more secure. So the real targets, the serious criminals, and the terrorists, can hide already and always will be able to hide.

What can you do?

One is to spread the word - share and repost this blog to your friends. I have a lot of techie friends and they really get this already - what we need is all of the normal people, the non techies, the people fooled by the "Think of the children" news headlines. People need to think - do I really need the government, and worse, my ISP, spying one me?

Secondly, and this is more work, which is why spreading the word is important, contact your MP now. tell them you are unhappy about this. If you really want, look at my other blog posts and you'll find out a lot more, and even how to formally respond to the consultation and evidence processes, as I have done.

You can also contact people like the Open Rights Group, tell them how you feel. Join up, and stand up for some of these last remaining rights which we all enjoy before they get eaten away bit by bit. AAISP are a corporate sponsor. All that is necessary for the triumph of evil is that good men do nothing.


  1. I discussed this with my parents, they think I'm a maverick for opposing this law. My mum said "but all those people that died, we have to do something" and no amount of me pointing out that car accidents are far more likely to kill you made a difference. Or that we already knew about the suspects in all the recent attacks so this law wouldn't have helped.

    My dad's view is "if you've got nothing to hide then there's no need to be concerned, they can read all my emails". This ignores criminals hacking to get all this lovely stored data, and all sorts of other issues RevK has pointed out.

  2. I posted this to a message board I run, and while there were some people who understood, I also read these depressing replies:

    "All this new law is doing though is updating the law to match the era of technology. The police already have the right to search your house, record your phonecalls and intercept your mail such as in 1969 when the police steamed through hundreds of people's letters

    If you except the police have the right to do all that then why draw the line at the internet and email?

    Also the article makes the point that the point of the law is protect the public from terrorist attacks and that he doesn't need protecting. Although that's true the main reason is to actually catch criminals such as terrorists, pedophiles and drug dealers presumably the author would like to be caught"


    "I imagine they can and do snoop on us all anyway; this is just a way of making it 'official'."

    It's very difficult to get people to care.

    1. For the first one - targeted surveillance on Internet is one of the areas that is not that controversial. This is about searching everyone's house, not just the suspects - why can people not see that. Oh well, thanks for trying.

    2. You may be heartened to know that a few people did comment on liking the Privacy International video :)

    3. Terrorists, pædophiles… and copyright violators. Big Copyright are the second-richest lobbyists for this stuff after the "security" services.

  3. Shared. This is the second time I have ever written to an MP. The first one resulted in the MP offering to donate money to a local charity and then not actually doing it, so I hope Richard Benyon is different.

    You might want to reach out to Lord Harris of Haringey who has an interest in this area too.

  4. Your arguments are mostly good but they would be even better if you could suggest what access you think the authorities should have to personal metadata that would be sensible and proportionate to their needs. If you are against the authorities having *ANY* access to personal meta data, then following this logic through the police would not even have access to mobile phone records like they do now and they would certainly be stymied in doing their job. If I recall the news correctly, the police in France used mobile phone records / signals to help them locate the terrorist that blew themselves up.

    The analogy with cameras in bedrooms and bathrooms is of course very extreme and clearly taking things too far - I think we can all agree on that. In that instance, it's hard to imagine any benefit that could be achieved from such intrusive spying. Communications metadata is different though, because it helps the authorities identify and locate networks of people with common interests or groups posing potentials threats - Something that is pretty important and incredibly useful to anyone charged with identifying and disrupting terrorist plots.

    The government mostly already does what it can to try to protect us from heart disease, cancer and car accidents (the "nanny state") and if they were not trying to protect us from terrorists as you suggest they shouldn't, I'm pretty sure you would change your mind once the terrorists started blowing up anyone you are close to. To not pursue the terrorists as you seem to be suggesting by saying you don't need protecting from them really would be a great example of your quote "All that is necessary for the triumph of evil is that good men do nothing."

    1. I am simply suggesting terrorism is treated proportionately - it is serious crime, but it is not a reason to invade everyone's privacy. Remember that this is about ISPs and data retention for use by the police to investigate crimes, there are separate parts of the bill that cover GCHQ and bulk intercept where they look for keywords and so on to try and track terrorists.

    2. With physical searches, if the police suspect RevK has drugs under his chair, they go to a judge, present their evidence, and if it's good enough, *then* they get permission to go and look under his chair. They aren't allowed to go looking under everybody's chair just in case. They aren't allowed to tell somebody else to look under chairs for them, either. Why should my email be different? Up until they actually have justification for a search, they should have to leave it alone.

    3. "Something that is pretty important and incredibly useful to anyone charged with identifying and disrupting terrorist plots."

      Except the evidence from Paris and Denmark is that bulk snooping is actually NOT useful for disrupting terrorist plots. If there was overwhelming evidence that these laws made a significant impact on the levels of terrorism in countries where they were passed, there would be a strong argument for accepting the privacy implications in order to save lives.

      But the laws don't even do what they're supposed to do. They are justified based on credulous optimism and useless "we have to do something!!!!" symbolism, but don't actually make anybody safer. The government might as well sacrifice chickens and pray to the anti-terrorism gods instead. It would be a lot cheaper.

  5. Even if we imagine some kind of utopian super-nova in which the technical arguments against implementing the mass surveillance implied by the Bill become surmountable, and that law enforcement could in fact can navigate a tsunami of false positives, and that vast centralised databases could be made secure, etc. etc. the biggest problem is still with the fact that people don't feel their privacy is being violated right now. And they can't imagine at what point that feeling might arrive.

    It might literally have to come to cameras in the loo before a majority of people would resist. When significant numbers now appear to think that they are being watched when they aren't means that things have become far worse for privacy advocates than might be realised. Is my TV watching me back and seeing that I'm rolling a joint? Yeah, probably. But I'm not being arrested for it, so hey. They can't read all our emails, after all! What are they, speed reading for England? Ho ho ho. They don't care about me, I'm not a bad un'. And so on.

    You can't blame people for that any more than you can't blame them for not saving up for pensions, or smoking, or for eating too much. The consequences are simply not seen or understood because they're not apparent in any real way. Perhaps if people started noticing loved ones being arrested for no reason as a result of false positives, or letters in the post attempting to blackmail them for misdemeanors in their youth or something. But would most people even make the connection between those things and what had been warned about at the time of the Bill?

    So here is a statement of political morality: much as I respect and admire what RevK does and continues to do, I think the time has passed for articles like this. The laws will be passed, the surveillance and politicking will happen.

    But here's the thing: it's not about that any more. The people who know what's going on will become the real actors. They have the means, and those means are in fact becoming easier over time. Communication is passing into the realm of that which is beyond law. Such things happen, but society carries on. That doesn't lessen the pain of watching the politicians play themselves out on the matter, and doubtless it will get worse before it gets better. But there is hope. There is hope.