Saturday, October 18, 2014

ISC round table

Having written a submission to the Intelligence and Security Committee's inquiry into privacy and security, I was invited to take part in a round table discussion with the Committee that took place earlier this week.

It did actually involve a round table or three to be precise. The members of the committee split themselves amongst the tables to explore the written evidence of a collection of people from academia, industry and NGOs.

At my table were Conservative MP, Dr Julian Lewis and Lord Butler, along with Caspar Bowden, Eric King of Privacy International and Andrew Watson of OMG. Dr Lewis came armed with print outs of our submissions with various parts underlined which he wanted to quiz us about in further detail.

Discussions were interesting and I came away slightly more positive than I had expected. I was impressed in particular at Lord Butler's capacity to grasp some of the key issues and ask insightful questions.

I've sent Dr Lewis and Lord Butler some follow up comments in an effort to clarify some of the points I made at the meeting.

"Dear Dr Lewis and Lord Butler,

Thank you for the opportunity to meet in the context of the ISC's inquiry into privacy and security.

If I may, I'd like to make an effort to further clarify two or three points I don't believe I articulated very clearly at the meeting.

On the question of the impossibility of securing giant databases, another way to look at it is to understand that information systems are socio-technical systems. They are made up not just of the technology but the organisational processes and people used to build, deploy and operate them. It's the giant information system as a whole that is impossible to secure. Generally computer scientists will tell you that these systems can have two of three key features - security, usability and scale - they can be secure and usable OR secure and scalable OR usable and scalable but never all three.

On the difference between information technology and information systems you can think of it as the difference between radar (information technology) and the British air defence system (information system) that was crucial to winning the Battle of Britain during World War II. By 1939 Britain had created an integrated information system to collect the raw data on approaching enemy aircraft, from their chain of radar stations (IT) and (visuals from) the Observer Corps (human IT). This raw data was passed on (via the radio telephone and teleprinter networks) to Fighter Command Headquarters filter room and an integrated set of operations centres, where it was assessed, filtered, analysed and turned into useful information at varying levels. This then facilitated the scrambling of the right fighter squadrons and even more specific instructions to be radioed to the RAF pilots once in the air, to enable them to intercept their enemy at the earliest opportunity.

The Germans had better information technology (radar). The British had the better information system i.e. radar, human intelligence, signals intelligence, and an integrated, purpose-developed system, allowing the situation to be viewed holistically, as well as delivering the right information to the right users, at the right levels, in a useful format and in sufficient time to act on it.

Dr Lewis, you seemed a little offended by my characterisation of the data mining of the mass trawl of personal data collected by government as a "post hoc fishing expedition." I apologise if I offended you - that was never my intention.  My point essentially is that government has never had the power now at its disposal to peer into the intimate details of people's lives. The mass collection of data is in itself a fundamental problem in practice and in law.  Privacy as a check on government power represents a democratic requirement that limited government must have limited power to access our daily lives. An omniscient government is too powerful for rules, regulations or laws to restrain. There will progressively always be another public official who will be able to make a compelling case for access to the rich trove of information in a valuable giant government database. If the security services find it useful why shouldn't law enforcement or revenue officials or social security officials and so on. You have to take a look at the 14 year history of the Regulation of Investigatory Powers Act to see this kind of mission creep in this context.

It seems increasingly to be the belief amongst MPs that blanket data collection and retention is acceptable in law and that the only concern should be the subsequent access to that data. Assertions to this effect are simply wrong both in relation to more modern human rights law and also long standing English law.

The April European Court of Justice (ECJ) judgement restated the position clearly that mass indiscriminate data retention "constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter." (Para 34 of the decision). Article 7 of the Charter of Fundamental Rights, as you know, guarantees everyone “the right to respect for his or her private and family life, home and communications”. The European Court of Human Rights (ECtHR) laid down the same prohibition of blanket retention in the S. and Marper v UK case in December 2008. And I've already alluded, in my original submission, to the principles laid down in the Entick v Carrington case of 1765 with which this mass personal data collection is incompatible.

Please do not be misled into the erroneous belief that retention is acceptable and access is therefore the only problem. Underpinning any future regulatory framework in this area with such a fundamentally flawed assumption would be a big mistake on many levels. Both retention and access in and of themselves present serious article 7 and article 8 challenges, as the ECJ, the ECtHR and many other national courts have made clear.

On the question of whether ISPs have a moral obligation to cooperate with law enforcement, commerce doesn't do morals, only have bottom lines. Directors of business have a fiduciary duty to maximise return to shareholders. The only guaranteed way to get telecommunications companies to cooperate is to make it their legal duty. There is no reason why ISPs should not be required to cooperate, in relation to a court supervised warrant, regarding particular information relating to a specific individual about whom there is reasonable cause to harbour suspicion that they may be or have been involved in criminal activity.

Lord Butler, I very much commend your comment to the effect that the case for targeted rather than mass personal data signals intelligence collection seemed compelling. If that idea alone has come out of the Committee's consultation process then it will have been very worthwhile.

Thank you for taking the time to meet and I hope you found it useful. If you need any further clarification of the above points or I can provide any further assistance please let me know. I wish you all the best with your ongoing deliberations.

Regards,

Ray"

Paul Bernal was at one of the other tables, as was Suw Charman, though I was not familiar with other attendees.

The subsequent public session the committee held with the Home Secretary just depressed me again. We have a seriously long way to go in the UK before we start getting a rein on mass surveillance. The ISC is the prevailing key line of defense in Parliament against the worst excesses of this. Mrs May's appearance is yet another indication that they are desperately in need of more resources to perform their duties and in particular permanent and extensive independent technical expertise.

Monday, October 13, 2014

The umbrella man

I was reminded this morning of Errol Morris's exploration of the story behind the one man seen standing under an open black umbrella at the site of JFK's assassination.

The Umbrella Man from The New York Times - Video on Vimeo.

The man testified before a congressional committee in 1978 about why he was there that day holding his umbrella up - it was a protest at the appeasement policies of JFK's father Joseph Kennedy when he was ambassador to the court of St James in 1938-39. It was a reference to Neville Chamberlain's umbrella. Morris thinks the testimony is "just whacky enough to be true" and he believes it is. Bottom line? You can never, on your own, think up all the non-sinister reasons for a peculiar fact.

Greenwald on why privacy matters

Glenn Greenwald gave a talk at TED last week on why privacy matters.

Sunday, October 12, 2014

John Naughton interview with Edward Snowden

John Naughton interviewed Edward Snowden at the Observer Ideas event this afternoon.

The YouTube version of the video I originally embedded here is no longer showing the message "Please stand by. We're experiencing technical difficulties."



My notes on the interview below. These may be added to sporadically as and when I get time to type them up.

JN: In June 2013 the world was astonished by some dramatic revelations - first published in the Guardian which won a Pulitzer prize for the work, the first time a British newspaper has ever won a Pulitzer - via a trove of top secret documents released by a young geek, Edward Snowden, of the extent of GCHQ and NSA snooping. He's the most famous geek in history, the most hunted man on the planet and the most courageous geek that JN knows. He left a comfortable lifestyle in Hawaii, flew to Hong Kong where he met trusted journalists and then onto Moscow, en route to what he believed would be Latin America. At that point the US government revoked his passport effectively rendering him stateless in Russia.

Why?

They could have let him fly to Latin America and had some CIA operatives bundle him into a plane and render him to solitary confinement in New Mexico or Guantanamo or somewhere else.

Using Skype for the interview and audience need to be aware that the definition of technology is something that nearly works.

Having some problems connecting. Could be GCHQ or something else.

First question - what comes across in the leaked documents is the apparently close working relationship between the NSA and GCHQ. But the computer security community refer to GCHQ as the "overseas franchise of the NSA". Is that an accurate characterisation of the relationship? Or is GCHQ a bigger player than we think and the documents might suggest?

At this point comms fail.

There's some back and forth and eventually they get partially restored - we can hear Snowden but he can't hear John's questions. So off screen, Guardian journalist, Carole Cadwalladr, types John Naughton's questions for Edward Snowden to read.

Eventually Snowden receives the question.

ES: Yes. GCHQ is a big player. There is an extraordinarily large and secret and unaccountable mass surveillance system in the US. But constitutional protections prohibit even the passing of laws that might enable these programs. Despite this it is happening in the US.

In the UK you don't have the same constitutional limits on the sort of laws that parliament can pass. We've seen the creation of a system of regulations where basically anything goes. GCHQ and other government spy agencies can do anything they want. There are no limits on their capabilities.

They collect everything that might be of interest to them - basically a 5 year backlog of all the activities of citizens of the UK e.g. through collections of their metadata records. Then they say we collected this information but we won't look at it. We'll protect it through some kind of policy protections, and limited rules. Though we'll watch all the time we won't look at what we've gathered unless we go through a certain procedure.

Even if you believe that is reasonable - it's not, because that is not how rights work - you don't have to say why you deserve privacy - it's up to the government to justify its intrusions into your rights - you don't have to justify why you need a right or it's not a right at all - but even if you do think this is reasonable, these policy rules for access to that information are not uniformly applied. It's basically open season...

GCHQ go much further than the NSA because they use unlawfully collected information to pursue basically criminal prosecutions. And they use this to share with other countries. They use intelligence powers for law enforcement purposes and that is dangerous.

Evidence is collected against us but we don't have the opportunity to challenge it in the courts. Judges are not aware where this evidence originates from. This undermines the system of laws and system of justice upon which we all rely.

JN: The other side of this coin are the commercial companies like Google. Yesterday you said some very hard things about Google, Facebook and Dropbox. Are you seriously suggesting people should avoid using services provided by these companies?

[At this point there is a delay and interference on the connection which prompts John to quip "this question is being parsed by someone in the intelligence community". That got a laugh]

ES: What I'm trying to say is not that they are the worst thing on planet earth. What I'm saying is that when we as consumers have a choice between 2 services, one that protects your privacy and one actively hostile to privacy, we should support the one that supports our rights, the one that encodes it into their policies.

Facebook is one example where it is very difficult to find alternatives. Dropbox, however, is not. There are many many alternatives to Dropbox. Dropbox say they encrypt your data but they keep the key. So any government in the world from the US to the UK to China can request access to your files and Dropbox can provide it.

SpiderOak is a better alternative. They don't permit themselves that capability. Because if government is going to issue a warrant it should go to you, the person that has control of this information; not a corporation that can't bring the same challenges as you because they won't have standing - it is not their privacy being violated.

JN: The extent of public disquiet about what intelligence agencies are doing varies across the world. For example in the UK most people seem very relaxed about what the documents you released have revealed. If that is the case across the world then surely nothing much is going to happen despite the revelations?

ES: I don't think it is true that because the public reacts less strongly in one jurisdiction than another that there will necessarily be no change. When I initially came out about this and talked to technologists and computer scientists about this problem there are broadly two tracks.

The first is political.

In our national legislatures we can push for reform, for increased respect for rights, a restoration of respect for rights that we've lost in the "terrorism era".

There are many countries around the world and not just the UK where we have this problem with public engagement. In the US uniformly every newspaper across the country reported on this scandal and they talked about why we need to change, what kind of reforms are needed and they debated where the line should be drawn.

In the UK we haven't seen that happen. Only one newspaper, The Guardian, did that. All the other papers - I don't know why, whether it is cultural because they felt they'd been cut out of the story or cut out of information sharing - didn't cover it. Or covered it in a hostile way that I think did a disservice to the public.

And even when legislatures push back with the notion it doesn't really matter what the public feels, we are the rulers, we will decide; if you have a problem with that vote us out; but we control the media so you're not going to do that either.

Political reform is a challenge in many places around the world but that's always been the case.

However, even if there is even only one part of the world - it can be Germany or the US or London - where we have a technical community that believes this is a real problem - mass surveillance & GCHQ strategy of amassing a haystack of human lives and sorting through it whenever they want trying to find needles - is contrary to the values we as a society hold, they can institute protections of a technical variety that enforce our rights in a way that's not dependent on national laws.

[RC: That's optimistic]

Because let's say in UK, supposing we pass robust new reforms that prevented infringement of rights of citizens of UK by intelligence agencies. Well that is not going to restrict Chinese government or governments of Latin America, US, Russia, Africa or other country or even France.

If things are not encoded or on a technical level; if they are not enforced at the level of systems rather than just words on a page they are not really going to be meaningful when all our systems are reliant on cross border international relations.

[RC: Problem with relying on this approach is not many people understand the technology well enough to be able to check if it is doing what it says it's doing. Evoting being a case in point]

We need international solutions for global problems.

JN: I'd like to talk to you about technical stuff but I'm getting a lot of pressure from the audience to ask you about yourself. Here's a question someone's thrown at me - you were basically living in paradise in Hawaii, with a pole dancer for a girlfriend. That's most people's dream life. Are you mad? (John additionally quipped whilst waiting for the question to be relayed that it wasn't his idea of a dream life but there you go).

ES: You know... ah... ... [laughter from audience] ... I've had to make a lot of sacrifices. I risked my freedom. I lost my job. I lost my home. I haven't been able to relate to family the way I once did. And I can't return to my home country. That's ...eh .. a lot to give up. But my biggest fear when I did this was not what would happen to me. I didn't care what would happen to me. Because this is not about me. I'm simply the mechanism of revelation.

What matters is that in our times - this post 9/11 period, this post 7/7 period - we have seen the public increasingly lose rights again and again to a state structure, a security structure. It's becoming increasingly empowered. At the same time it's becoming increasingly secret.

So the big questions that go beyond surveillance into what kind of world do we want to live?

Do we want to live in a world where government make decisions for the whole of society behind closed doors without accountability to public opinion or to our shared laws?

When you ask me this I have to say no. The country that gave us the Magna Carta believes there are lines. There are limits that even the government must comply to. And when government unchains itself from any kind of restrictions, when government says "the ends justify the means", we have transitioned from the point of a democratic liberal society into one that is more authoritarian.

And the question is - is this really something that officials can determine on their own. OR is that a decision for the public? And we can't make these decisions if we don't know about them.

All democratic societies are founded on the principle that the consent of the governed is from where all governments draw their legitimacy. And consent is not meaningful if it is not informed.

And that is the challenge we saw last year and that's why we've seen the strength of the response we've had today. And, ultimately, I think that's why things will change.

We are transitioning out of the terror era and recognising that younger people today are the beginning of a post terror generation that have different values and are not prepared to give up their rights without seeing that these programs are necessary; and that they respect the foundation of our societies.

JN: Are you surprised that we now know there is a second whistleblower? Have you started something that is going to roll?

ES: I'm not. No.

I think it was inevitable. You know people have called me. They've had this big debate. Am I a hero? Am I a traitor?

First up it doesn't matter. These issues are not about me. They're about us. And it doesn't matter what happens to me. Whether I'm loved by history or whether I disappear into a hole.

[RC: Hope that doesn't happen literally]

We should not say this person is a hero. We should not praise the hero we should praise the act. Because I'm an ordinary person in extraordinary circumstances. This other person, whoever they are, it is extraordinarily courageous that after seeing the thing that comes to whistleblowers before in the US - people had their lives destroyed, their careers destroyed, thrown in prison for 35 years, that this person would stand up and put their life on the line because they believe they have a civic duty that they hold more dear than their self interest. And that is something - I don't care who the individual is; I don't care whether they are the deepest darkest criminal - that is something we should respect. We should value and promote. Everyone has a role to play in government, a role to play in our societies. And if you believe in something you have to stand for something.

JN: Edward Snowden, thank you very much and I hope you have a nice weekend.

[Uproarious round of applause from the audience]

JN: I'd just like to thank you all for your forbearance. Remember what I said about technology - if it doesn't quite work, that's what technology is.

[More loud applause as John walks off the stage]

Compere of the event [need to check] comes on and notes: One of the reasons Edward Snowden agreed to do his first interview at a UK event was John Naughton. In discussions with his people they cited John's writing and how perceptive he had been about technology and the way he has covered the Snowden revelations over the last year or so.

[RC: Entirely appropriate John's terrific work should be publicly acknowledged in this way]

Additionally Carole Cadwalladr was also crucial. She pursued Edward Snowden's people and was typing John's questions to Snowden off stage and both John and Carole are a huge part of the reason you heard him today.

Tuesday, September 30, 2014

Which rights should we discard?

As the Tories launch into their latest 'human rights are the root of all evil' fest, at their last annual conference before the next general election, I'd like to ask David Cameron and his party colleagues a question posed by the late Lord Bingham, relating to the rights laid out in the Charter of Fundamental Rights of the European Union,
"Which of these rights, I ask, would we wish to discard? Are any of them trivial, superfluous, unnecessary? Are any of them un-British?"
Just to be clear which of -
  • Human dignity? (article 1)
  • Right to life? (article 2)
  • Right to the integrity of the person? (article 3)
  • Prohibition of torture and inhuman or degrading treatment or punishment? (article 4)
  • Prohibition of slavery and forced labour? (article 5)
  • Right to liberty and security? (article 6)
  • Respect for private and family life? (article 7)
  • Protection of personal data? (article 8)
  • Right to marry and right to found a family? (article 9)
  • Freedom of thought, conscience and religion? (article 10)
  • Freedom of expression and information? (article 11)
  • Freedom of assembly and of association? (article 12)
  • Freedom of the arts and sciences? (article 13)
  • Right to education? (article 14)
  • Freedom to choose an occupation and right to engage in work? (article 15)
  • Freedom to conduct a business? (article 16)
  • Right to property? (article 17)
  • Right to asylum? (article 18)
  • Protection in the event of removal, expulsion or extradition? (article 19)
  • Equality before the law? (article 20)
  • Non-discrimination? (article 21)
  • Cultural, religious and linguistic diversity? (article 22)
  • Equality between men and women? (article 23)
  • The rights of the child? (article 24)
  • The rights of the elderly? (article 25)
  • Integration of persons with disabilities? (article 26)
  • Solidarity (articles 27 to 38)
  • Citizens' rights (articles 39 to 46)
  • Right to an effective remedy and to a fair trial? (article 47)
  • Presumption of innocence and right of defence? (article 48)
  • Principles of legality and proportionality of criminal offences and penalties? (article 49)
  • Right not to be tried or punished twice in criminal proceedings for the same criminal offence? (article 50)
  • General provisions (articles 51 to 54)
- would the main party of government wish to discard? Are any of these rights trivial, superfluous, unnecessary? Are any of them un-British?

Monday, September 29, 2014

Ineffectiveness of airport naked scanners

I'm reminded of Austrian professor Werner Gruber's exposé on German TV (from 2010) of just how useless airport naked scanners are as a security measure. Prof Gruber, of the Institute for Experimental Physics in Vienna, managed to hide the components of an incendiary device from the scanner, then promptly went outside and demonstrated, in spectacular fashion, what the scanner had missed.



But be AMAZED be VERY AMAZED at how this WONDERFUL high tech FULL BODY SCANNER WILL PROTECT YOU - The machine did pick up his mobile phone and studio microphone.

Friday, September 26, 2014

Generations

The mindset of FBI director, James Comey, appears to be that of someone who believes the lives of all citizens should be on permanent display for government inspection and approval. Privacy, remember, is only for criminals. Apart from the fact that this won't be the first or last time that Apple or other commercial enterprise overstates the potential efficacy of its product features in any particular context, Mr Comey's belief that he has the right, nay, duty to berate the company for its modest implementation of privacy enhancing technology is not one I can share.

It's not a big logical leap for a society that normalises mass collection, processing, analysis and storage of communications (metadata and content, even if the distinction is no longer clear) to consider that those who would wish to opt out, or those that would help them do so, should be considered anomalous and suspicious.

It's not a big logical leap to say we'll collect all the information but don't worry it's only "seen" by the computer, not real people, so it's not real surveillance; and it will only be looked at for evidence of wrongdoing by bad guys... or those linked to bad guys... or those linked to those linked to bad guys...

It's not a big logical leap to say we're not collecting enough information.

Everything will be easier or better or more efficient if only we collect more.

Big data is the future of commerce and government.

We already have mass telephone and internet interception, let's install CCTV cameras in all homes. Oh yes, people already have webcams attached to their computers and we have already collected millions of users' Yahoo webcam images. But that's only in the rooms with computers and the cameras don't cover all corners of the rooms. And, after all, the footage will only be collected and "seen" by computers, not real people, so it's not real surveillance.

And we don't have to record the audio. At least at first. So we don't know what people are actually saying to each other. So it's only metadata. We know where they are and who they are talking to and for how long but not what they are actually saying to each other.  If we surreptitiously use lip reading programs that's only to detect serious criminality.  Ah, you know what, we have to protect people so it doesn't matter if we record the audio too. It will only be 'seen' by computers.

And if you have nothing to hide you have nothing to worry about.

It's not a big logical leap to say, you know all that information in all those giant databases? We should be using it not just to catch terrorists but to catch
It's not a big logical leap to say we shouldn't just limit it to these serious criminals. We need to apply use of this information to illegal immigrants, benefit scroungers, criminal youths, burglars, petty criminals, drunkards, louts, vandals, offensive people, inner city sink estates with unruly families who may cause trouble, ethnic minority communities which may have a link to a religion extreme forms of which may be cited as an excuse for murder and mayhem, Romanians (if UKIP ever get a say), the poor, disabled or sick or elderly...

It's not a big logical leap to say we need to use this information to improve public services -
  • the NHS
  • education
  • social welfare
  • policing and criminal justice
  • intelligence
  • defence
  • foreign affairs
  • economy
So people with a HSCIC database determined genetic predisposition towards contracting certain kinds of cancers may be required to take out private health insurance just in case they become a disproportionate drain on the NHS. Or kids with mental health or special educational or social needs be excluded from good schools so they don't disrupt the normal kids.

Even the most dedicated of public servants, and I have the privilege to know a lot of them, heavily under-resourced and under relentless pressure for outcomes, from management or politicians of varying levels and competence, succumb, with the best of intentions, to the temptation of mission or function creep.

It's not a big logical leap to convince ourselves it is ok to use data or facilities gathered or created for one purpose for an additional 'useful' or convenient or target facilitating purpose.

Dedicated people in all walks of life bend/break/ignore/re-interpret/renew the rules because everyone else is doing it, so it's not a big deal.

But this combination of the normalisation of mass surveillance, function creep and (sometimes) well intentioned rule making and rule breaking creates the conditions for the poisonous snakes in suits of the world to thrive. And it only takes a handful of them in the wrong places to cause widespread misery and abuse of human rights.

The sad thing is we can and sometimes do design, build, operate and use communications systems, computers and big data in socially, economically and legally enlightened ways, in the public good, when we do so intelligently and ethically. But we're often failing to do so. The seductive attractions of convenience, instant gratification and the ease and power with which all personal data can be collected, processed and stored (the economic agents doing the collection can figure out how to exploit/use/monetize it later), beat intelligence, ethics and the public good, every time.

I was chatting with my elder teen late one evening this week about some of this. I expressed a concern that he and his kids would be asking me, in my dotage, what the hell I thought I was doing when we were building the communications infrastructure of a surveillance state. After all, all that is required for evil to prosper is for good people to do nothing.

"Dad," says he, "I can guarantee that's one question I'll never have to ask you."

I wasn't sure whether to be flattered that he over-estimates the efficacy of my efforts in this landscape, sad that he may change his mind, concerned that I've burdened him with my worries or optimistic that he and his generation are smarter than me and mine; and they will put those smarts to good effect in building a more equitable and enlightened world.