We are the good guys, honest
First off, I want to be clear. The attitude I have, and therefore the company (A&A) has, to blanket surveillance is that it is wrong. It should not be allowed. We need to take all possible and practical steps against it. Targeted surveillance against know suspects with proper controls is another matter.
I hope that is clear, and the fact I have gone to the bother of speaking directly to parliamentary committees on this helps explain some of my resolve in this.
Am I a martyr ?
No, sorry. I will not go to jail over this. I have a family to support, and I have a lot of staff that have families to support. So there are limits.
But I am not beyond considering every possible loophole and edge case we, or my lawyers, can come up with to help defend these principles.
What can A&A do?
We can explain our principles, and we can try and help people understand how to circumvent all sorts of monitoring and snooping as much as possible to ensure people get respect for their basic human rights related to privacy.
We can, of course, try and appeal or defend any such orders if we get them, and we will.
What about the canary? Does it help?
The way the law is worded now, there are various parts with various gagging orders. Some parts are a tad tame, civil enforcement. No, I am not a martyr, but would I go for challenging it in civil courts, maybe. Hard to say, and at the end of the day that would not really help. This is the real point here, but we cannot risk criminal laws even for the "tame" parts of the IPA by invoking the Official Secrets Act. So even that may be a problem.
You cannot trust what anyone says with the law as it is. It is not really acceptable for a democratic society, in my view. It is not a matter that law "compels you to lie", but that by not lying you may be breaking the law. If you see what I mean. No, don't lie as that is fraud, and no, don't not lie as that is breaking a gagging order, catch 22. Pick your crime?!
What is important is that everyone assumes there is snooping and monitoring. I am sure that getting BT Wholesale or TalkTalk Business to deep packet inspect our PPP traffic is against the law, sorry. The Home Office do not agree. In a civilised society this would have a chance to be decided by a court, but in a world with secret orders and gagging requirements, it will never get tested.
So if you do trust us (and why not) you may already be snooped on in the back-haul network, so take measures to protect yourself.
If you take such measures, you don't need to trust us, and so we don't need to be on the spot with a canary!
What about the canary going forward?
I am formulating a plan here...
First off, I put anything canary related in one place, make one page with a clear signed and dated statement and link to that. It states what we do not have (any order under IPA) and is dated and signed, and ideally states when or if we plan to update the statement.
That fits well with what we have now, and puts in one place. It removes the "ask me on irc or in person" and so on.
Cunning plan?
My lawyer pondered this and may be regretting it now - but if the warrant canary covers many things nobody knows the discontinuation of the canary is because of reason X and as such that cannot be seen as disclosing reason X.
So a canary could say, for example :-
- I have a beard
- My dog, Lilly, is still alive
- We have never had an intercept capability order at A&A under IPA
- We have never had a data retention order at A&A under IPA
And when we stop making such statements, all you know is one of those things is no longer true.
By stopping, we are not breaching a gagging order, obviously, especially if I happen to have shaved.
Sadly, any "cunning plan" like this is almost certainly a bad idea, sorry.
Sadly, any "cunning plan" like this is almost certainly a bad idea, sorry.
Simpler plan?
A simpler plan is just set a date, e.g 2020, from which we no longer make any statement about IPA orders.
