Sunday 7 July 2013

Communications Data Bill? Unnecessary

"Où sont les Neigedens d'antan?" Yossarian said ...

We are all naïve, the Spectator said, if we imagine that the security services don't intercept all the communications they can. That's their job. What do we expect? It's for our own good. We'd be rightly furious if they didn't ...

There's something wrong with that argument.

The same thing that's wrong with Charles Moore's column in the Telegraph yesterday, Edward Snowden is a traitor, just as surely as George Blake was:
Public opinion seems to have given a worldly shrug and said, “Obviously, our secret services spy on us in cyberspace; what’s all the fuss?”
The Telegraph has covered acres of newsprint with stories about the Communications Data Bill over the past year or so. The Bill is needed, according to the Home Office, to keep the country safe from terrorists:
9 May 2012 – 'Snooper's charter' web spying Bill announced
6 September 2012 – Sir Tim Berners-Lee accuses government of 'draconian' internet snooping
9 December 2012 – MPs turn on Home Office over snoopers' charter
15 April 2013 – The Communications Data Bill will strangle new businesses
22 April 2013 – Data Communications Bill: the Home Office is trying to trap Britain in the past
28 April 2013 – It’s not a snoopers’ charter, it’s a life-saver
23 May 2013 – Woolwich attack: Snoopers’ charter 'could have prevented machete tragedy’
28 May 2013 – Spies only have 'very limited' access to terrorist data, says Sir Malcolm Rifkind
30 May 2013 – We can’t fight crime and terrorism while wearing a blindfold
31 May 2013 – Internet companies warn Theresa May over 'snooper's charter'
Etc ...
But hang on a minute.

If the security services already have legal access to telecommunications data, why do we need the Communications Data Bill?

Why is Theresa May, the Home Secretary, consuming a lot of political capital trying to push this Bill through?

Why haven't the Telegraph pointed out that argument about the Bill is just so much hot air, we already have everything it promises to deliver?

Come to that, if everyone sensible already knows that our telecommunications are intercepted, in what way is Edward Snowden a traitor?

No-one – apart from Roger Scruton – writes better than Charles Moore on constitutional matters, politics, religion and Conservative philosophy. He is gifted. And Fraser Nelson in the Spectator is no slouch.

But give them an article to write about Edward Snowden and – utterly uncharacteristically – they both start appealing to opinion polls, they both play the man instead of the ball and they both claim that no-one should be told what everyone already knows.

----------

Updated 7.7.2013 12:34
Some commentators talk sense:
19 June 2013: Britain's response to the NSA story? Back off and shut up
2 July 2013: Does the US think that only Americans have a right to privacy?
Updated 9.7.13
The following letter has not been published by the Telegraph:
From: David Moss
Sent: 07 July 2013 01:15
To: 'dtletters@telegraph.co.uk'
Subject: Charles Moore, 5 July 2013, 'Edward Snowden is a traitor, just as surely as George Blake was'

http://www.telegraph.co.uk/technology/internet-security/10162351/Edward-Snowden-is-a-traitor-just-as-surely-as-George-Blake-was.html

Sir

Charles Moore argues that everyone already knows that the security services intercept our communications to protect us against terrorism. For the past year, the Telegraph has reported on the Home Office's attempts to promote the Data Communications Bill, desperately needed according to Theresa May to protect us against terrorism. They can't both be right. Which is it?

Yours

David Moss

Updated 13 July 2013
To the US secret services, and possibly the UK ones too:
What does "collect" mean?
And what does "relevant" mean?
Updated 31 August 2013
20 August 2013: So the innocent have nothing to fear? After David Miranda we now know where this leads
24 August 2013: It's Left-wing prats who are defending our freedoms
30 August 2013: Big Brother is watching us? How comforting
Updated 2 October 2013
The following letter has been submitted to the Times:
From: David Moss
Sent: 01 October 2013 16:41
To: 'letters@thetimes.co.uk'
Subject: Kaya Burgess, 1 october 2013, MI5 playing into hands of ‘twerps like Assange’

http://www.thetimes.co.uk/tto/news/politics/article3883536.ece

Sir

We have it on the authority of Dame Stella Rimington that the security services can intercept any of our internet-based communications.

Two points.

Firstly, the implication is that there is no such thing as a secure website. Secure websites are like unicorns.

Second, the Home Office have been promoting the Communications Data Bill on the grounds that, unless we provide the security services with the tools, they can't defend us against terrorism. The implication was that they don't have the tools needed. As it turns out, they do, and the Home Office were deceiving us.

Yours

David Moss
Updated 5 October 2013
The letter above was not published by the Times. They did publish one by David Bickford, Former Legal Director, Intelligence, agreeing with Dame Stella Rimington that more oversoght of the security services is required and recommending that it should be provided by the judiciary, independent of the Executive.

Updated 21 November 2013 #1:
The following letter was submitted to the Telegraph:
From: David Moss
Sent: 09 October 2013 09:36
To: 'dtletters@telegraph.co.uk'
Subject: Tom Whitehead, 9 October 2013, 'GCHQ leaks have 'gifted' terrorists ability to attack 'at will', warns spy chief'

http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/10365026/GCHQ-leaks-have-gifted-terrorists-ability-to-attack-at-will-warns-spy-chief.html

Sir

We have it on the authority of the director general of the Security Service that his agents can and do and must intercept all our communications. The Home Office have been advocating the Communications Data Bill since June 2012 on the premise that Mr Parker's agents do not and cannot and should not intercept all our communications: "Nothing in these proposals will authorise the interception of the content of a communication. Nor will it require the collection of all internet data, which would be neither feasible, necessary nor proportionate", as it says on p.2 of the Bill. Presumably the Bill will now be withdrawn.

Yours
David Moss

http://www.official-documents.gov.uk/document/cm83/8359/8359.pdf

Updated 21 November 2013 #2:
Some commentators continue to talk sense:
20 November 2013: The days of believing spy chiefs who say 'Trust us' are over

Updated 28 January 2014:
"Time for GCHQ to come out of the shadows", said Charles Moore in yesterday's Telegraph.

"GCHQ has preferred to sit quietly in Cheltenham, listening not talking ... But this is ... a pity, because GCHQ has quite a story to tell", and Mr Moore proceeds to tell it in what for him are uncharacteristically garish terms.

He has been the editor of the Spectator in his time, the Sunday Telegraph and the Daily Telegraph. And a very good editor, at that. But his nose for a news story deserts him here.

In yesterday's article he says "... the [Snowden] affair has created a demand, stronger in the US than in Britain, for controls ... the politics of intelligence remain unsettled, and Congress might yet cause more trouble ... the Snowden case has revealed something of which GCHQ feels very proud. Since September 11 2001, Cheltenham has conquered the internet ...".

Congress might cause trouble? That's the democratically elected government of the US he's patronising there, de haut en bas. And what the Representatives and the Senators are doing is responding to many Americans' outrage at the infringement of their pretty-well-sacred Constitution – we don't normally call that "causing trouble".

But that doesn't fully describe what Congress are doing. It's part of it but in addition there's a queue at the back door of the Capitol building, a line of chairmen of the US's biggest internet companies all worried about the effect of the Snowden revelations on their turnover.

Mr Moore may not have noticed but the predictions of $30 billion of lost revenue are two-a-penny in the technical press. Goodness knows where that number came from. Why not $100 billion? Never mind. One way and another, a substantial amount of money will not be earned as a result of the security services keeping everyone under surveillance. It won't be earned by a lot of private sector companies who want to do the same thing. They're angry. And Congress are responding.

A cynic might say that Congress is are only responding to the corporate anger, there is no element of idealism here and the popular anger centred on the Constitution is irrelevant. That couldn't be more wrong. After all, where does the corporate anger come from? It comes from the hard-nosed recognition that the popular anger is real and that the people might stop using all those cuddly internet services, the cloud, the mobile phone apps, ...

It's not just the "politics of intelligence". It's the economics, too. And the market isn't just "unsettled". It's frightened. And furious.

GCHQ and the NSA haven't so much "conquered the internet", as Mr Moore puts it, as broken it – or, potentially, killed the golden goose. They've queered the pitch and all the king's horses and all the king's men are going to be hard put to it to put trust in the internet back together again.

It's a big story. $1 trillion up in smoke. And he missed it.


Updated 25.6.14
Theresa May: New surveillance powers 'question of life and death'

The Home Secretary has signalled she may resurrect plans for a snoopers’ charter of stronger internet surveillance powers to counter the terror threat from British jihadists in Syria.

Theresa May said ensuring the police and security services had the right powers to uncover terror plots was now “a question of life and death, a matter of national security”.

The threat faced from hundreds of Britons fighting with terrorist groups in Syria is “real and it is deadly”, she warned.
At the same time monitoring communications was becoming harder because of the volume of data and the difficulty of getting hold of it.

The Home Secretary also rejected accusations that the security services were already engaged in unaccountable mass surveillance of the British public, or that intelligence agencies were breaking the law to trawl online communications.
On the one hand we have Charles Moore and Fraser Nelson helpfully trying to defend the government by telling us that we'd have to be naïve not to believe that telecommunications are monitored.

On the other hand the Home Secretary undermines them and their support by saying that there is no such monitoring going on.

See also for example Vodafone: governments use secret cables to tap phones and Social media mass surveillance is permitted by law, says top UK official.

With journalists, the phone companies and the Director General of the Office for Security and Counter-Terrorism all acknowledging that massive telecommunications surveillance systems are already in place, the Home Secretary's position begins to look very lonely.


Updated 15.9.14

Nine months ago we noted the commercial damage being done to IT businesses by the global disdain for privacy and security – "there's a queue at the back door of the Capitol building," we said, "a line of chairmen of the US's biggest internet companies all worried about the effect of the Snowden revelations on their turnover".

Some indication of the scale of the damage is reported in the Financial Times today, Tech chiefs in plea over privacy damage:
US commercial cloud companies will lose $22bn-$45bn over the next three years as a result of the Snowden backlash, according to the Information Technology and Innovation Foundation.
What does Eric Schmidt say? He's the chairman of Google:
“It’s easy to blame the tech companies for being insufficiently sensitive – we are way sensitive, trust me.”
And Peter Thiel? He's a director of Facebook:
"Facebook would like to be more sensitive to more local concerns."
22 to 45 billion dollars says there's a way for Mr Schmidt to go and that Mr Thiel is going to have to turn his sensitivity all the way up to 11.

Otherwise it's going to be slim pickings for the IT industry and for the advertising industry that pays for everything, Martin Sorrell: if you don’t eat your children, someone else will. Someone pass that man a napkin. A big one.

Updated 11.10.14

$30 billion of lost revenue? The cries for help continue to issue from the IT industry. NSA spying will shatter the internet, Silicon Valley bosses warn, it said in The Register yesterday. Those dreadful spooks in the NSA are queering the pitch for all us nice companies who just want to make life better for everyone.

And in a Transatlantic call and response, back comes the answer from GCHQ, Big companies snoop on public more than GCHQ, says spy chief, we spooks are much less despicable than the corporations.

They're in the same business.

The collection and mass sharing or sale of detailed personal and corporate information.

It's partly for national security, including the nation's financial security.

And partly to smooth the path of government, i.e. to make it easier to govern. To govern on-line. For that, everyone needs an on-line ID. We call it "identity assurance" – or "IDA" for short – in the UK. They call it "NSTIC" in the US. Same thing.

IDA, also known for the moment as "GOV.UK Verify", relies on quasi-secret information. To verify our identity, we'll be asked to answer very specific questions that only we are likely to know the answer to. "Knowledge-based verification", it's called.

But how do the "identity providers" know the correct answer? ("Identity providers" is the spooky science fiction name for the middlemen in IDA/NSTIC.) They check with the credit referencing agencies or data aggregators or data brokers, as they're variously known. Experian, for example.

On-line government, or digital government, whatever you want to call it, relies on, depends on, the collection and sharing of detailed personal information. It depends on surveillance, you could say. No surveillance, no IDA, no GOV.UK Verify, no NSTIC.

The spokesmen may have forgotten to tell you that, but don't you forget it, the next time some fresh-faced, reasonable-sounding, butter-wouldn't-melt-in-his-or-her-mouth politician or company chairman tells you that he or she just wants to make government more efficient and cost-effective and responsive to user/citizen needs. To do what it says on the tin, they need to use quasi-secret information about you, information that only you are likely to know, you and Experian, or whoever.


Updated 20.2.15

The Guardian, 19 February 2015:
Sim card database hack gave US and UK spies access to billions of cellphones

American and British spies hacked into the world’s largest sim card manufacturer in a move that gave them unfettered access to billions of cellphones around the globe and looks set to spark another international row into overreach by espionage agencies.

The National Security Agency (NSA) and its British equivalent GCHQ hacked into Gemalto, a Netherlands sim card manufacturer, stealing encryption keys that allowed them to secretly monitor both voice calls and data, according to documents newly released by NSA whistleblower Edward Snowden.
The Telegraph, 20 February 2015:
British and US spies hacked mobile SIM card keys

British and US intelligence services can tap into mobile voice and data communications of many devices after stealing encryption keys of a major SIM card maker, according to a new report.

The report, from investigative website The Intercept, said the US National Security Agency and its British counterpart GCHQ obtained encryption keys of the global SIM manufacturer Gemalto.

Citing a 2010 document leaked by former NSA contractor Edward Snowden, the report said that with the encryption keys, the intelligence services can secretly monitor a large portion of global communications over mobile devices without using a warrant or wiretap.
The Times, 20 February 2015:
British spies ‘hacked mobile phones worldwide’

British spies stole encryption keys allowing them to secretly listen in to mobile phone conversations around the world, according to leaked documents released by the US whistleblower Edward Snowden.

Details from a secret GCHQ briefing reveals how UK spies worked with American intelligence to hack a major SIM card producer and secretly unlock encrypted phone data, according to documents seen by the US news site The Intercept.

Spies were then able to tap into millions of phone calls, texts and emails from a “large portion of the world’s cellular communications” without having to have to get approval from courts, phone companies or foreign government, the report said.

Gemalto, the Dutch-based company apparently targeted by the hack, reportedly produces around two billion SIM cards each year. They are used by some 450 telecoms companies around the world including numerous major mobile phone operators
"GCHQ has quite a story to tell", as Charles Moore put it just over a year ago on 26 January 2014. Let's hope that he will continue to tell it and that he will, with his customary sagacity, set the story in its proper Constitutional context.


Updated 1.3.15

Reuters on the economic consequences of cybersurveillance:
China drops leading tech brands for certain state purchases

(Reuters) - China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance.

Others put the shift down to a protectionist impulse to shield China's domestic technology industry from competition.

The lists cover smaller-scale direct purchases of technology equipment, and central government bodies can only buy items not on the list as part of a competitive tender process.

Chief casualty was U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but had none left by late 2014, a Reuters analysis of official data shows.

Smartphone and PC maker Apple Inc has also been dropped over the period, along with Intel Corp's security software firm McAfee and network and server software firm Citrix Systems ...
(Hat tip: ElReg, Intel, Apple and Cisco crossed off Chinese Gov's kit list.)

2 comments:

Anonymous said...

The ball, as you put it, is not security services' use of these methods but the #CDB aims to extend their use to policing and government dept data sharing generally. The objective is to boost policing and institutional use of surveillancd/data mining by using terrorism as the lever. It is normalisation of what should be a security service tool protecting state critical interests, into in every area of our interaction with state and law. Everyday analysis of communications data: policing of private communications as if it were open behaviour on the street, but this is not the street, this is our private behaviour they want to have open access to.

David Moss said...

Look at those Telegraph headlines – the Communications Data Bill is being promoted as a protection against terrorism. A protection which, Messrs Moore and Nelson tell us, we already have and we would be naïve not to realise we have. My point stands.

So does yours, of course. Like the earlier Interception Modernisation Programme (IMP), the Communications Data Bill seeks to give sales ledger clerks in the town hall a rôle for which they are unfitted. What do they know about the laws of evidence and the related procedures?

As you say, that crosses the boundary between the public and the personal. Moore and Nelson have already sold the pass. If surveillance is in the interests of the public, it would be naïve of us to imagine that it isn't undertaken.

They ignore Francis Maude, among others, who believes that the laws prohibiting data-sharing are myths, which he promises to bust, so that our lot can be improved by unfettered data-sharing.

Post a Comment