Monday, June 18, 2012

Coalition mass surveillance bill

There has been little doubt for some time that the Home Secretary, Theresa May, has been completely house trained and now buys into the mass surveillance mindset of her Nu Labour predecessors.  The latest evidence comes in her scaremongering justifications for the indefensible draft Communications Data Bill (CDB).
"As criminals make increasing use of internet based communications, we need to ensure that the police and intelligence agencies continue to have the tools they need to do the job we ask of them: investigating crime and terrorism, protecting the vulnerable and bringing criminals to justice.
For many years our police and security and intelligence agencies have used communications data from landline telephones and mobiles to catch criminals and to protect the public. This information – which does not include the content of a phone call or email – has played a role in nearly every serious organised crime investigation and in all major Security Service counter-terrorism operations over the past decade and is fundamental to policing across the UK. But the ability of the police and others to use this vital tool is disappearing because communications data from new technologies is less available and often harder to access. Without action there is a serious and growing risk that crimes enabled by email and the internet will go undetected and unpunished, that the vulnerable will not be protected and that terrorists and criminals will not be caught and prosecuted. No responsible Government could allow such a situation to develop unaddressed.
The purpose of this Bill, therefore, is to protect the public and bring offenders to justice by ensuring that communications data is available to the police and security and intelligence agencies in future as it has been in the past."
All the old bogeymen are wheeled out.  In multiple media engagements she drags up all four horsemen of the infocalypse - terrorists, drug dealers, child abusers and organised crime - and more, on several occasions quoting the Met police chief as insisting passing this legislation is a "matter of life and death".

She goes to great pains to point out that the CDB is "not about creating big government database - communications service providers will be asked to hold this data". (That's "asked" as in compelled). The attempt to distance herself from the Nu Labour apparatchiks obsessed with massive database cures for all ills is laughable. As if compelling commercial communications providers (and potentially everyone if the broad definitions in Clause 28 of the Bill are any guide) to build and maintain massive databases to which government has open access is somehow morally superior?!

Let's just look at what part 1 of the draft bill actually says as opposed to "we just want to protect you cuddly kittens" newspeak version promoted by the Home Secretary.
"1 Power to ensure or facilitate availability of data
(1) The Secretary of State may by order—
(a) ensure that communications data is available to be obtained from telecommunications operators by relevant public authorities in accordance with Part 2, or
(b) otherwise facilitate the availability of communications data to be so obtained from telecommunications operators.
(2) An order under this section may, in particular—
(a) provide for—
(i) the obtaining (whether by collection, generation or otherwise) by telecommunications operators of communications data,
(ii) the processing, retention or destruction by such operators of data so obtained or other data held by such operators,
(iii) the entering into by such operators of arrangements with the Secretary of State or other persons under or by virtue of which the Secretary of State or other persons engage in activities on behalf of the operators on a commercial or other basis for the purpose of enabling the operators to comply with requirements imposed by virtue of this section,
(b) impose requirements or restrictions on telecommunications operators or other persons or provide for the imposition of such requirements or restrictions by notice of the Secretary of State.
(3) Requirements imposed by virtue of subsection (2) may, in particular, include—
(a) requirements (whether as to the form or manner in which the data is held or otherwise) which ensure that communications data can be disclosed without undue delay to relevant public authorities in accordance with Part 2,
(b) requirements for telecommunications operators—
(i) to comply with specified standards,
(ii) to acquire, use or maintain specified equipment or systems, or
(iii) to use specified techniques,
(c) requirements which—
(i) are imposed on a telecommunications operator who controls or provides a telecommunication system, and
(ii) are in respect of communications data relating to the use of telecommunications services provided by another telecommunications operator in telecommunication system concerned.
(4) Nothing in this Part authorises any conduct consisting in the interception of communications in the course of their transmission by means of a telecommunication system.
(5) In this section—
“processing”, in relation to communications data, includes its reading, organisation, analysis, copying, correction, adaptation or retrieval and its integration with other data,
“relevant public authority” has the same meaning as in Part 2.
(6) See—
(a) section 25 for the way in which this Part applies to public postal operators and public postal services, and
(b) section 28 for the definitions of “communications data” and “telecommunications operator” and for other definitions relevant to this Part."
I won't dissect all the parts of clause 1 here but the introduction to the draft bill itself explains what this means:
"Part 1 makes provision for ensuring or otherwise facilitating the availability of communications data to be obtained from telecommunications operators. Clause 1 enables the Secretary of State, by order, to ensure that communications data is available to be obtained by public authorities" 
The bottom line is that the relevant Secretary of State, most likely the Home Secretary, gets unlimited powers to mould data access regulations in perpetuity without the need to consult parliament in any meaningful way:
(1) The Secretary of State may by order—
(a) ensure that communications data is available to be obtained from telecommunications operators by relevant public authorities in accordance with Part 2, or
(b) otherwise facilitate the availability of communications data to be so obtained from telecommunications operators.
(2) An order under this section may, in particular—
[...]
(b) impose requirements or restrictions on telecommunications operators or other persons or provide for the imposition of such requirements or restrictions by notice of the Secretary of State"
This is basically a really dangerous Henry VIII clause. There is no mechanism for amending Henry VIII orders and they usually get rubber-stamped by Parliament without material scrutiny.  Ms May and her successors get to order anyone to do anything that can be related to facilitating access to communications data:

If you combine this with, as Francis Davey points out, with the broad definitions given in clause 28 of the bill, e.g.
"“person” includes an organisation and any association or combination of persons
[..]
“telecommunications operator” means a person who—
(a) controls or provides a telecommunication system, or
(b) provides a telecommunications service,
“telecommunication system” means a system (including the apparatus comprised in it) that exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy,
“telecommunications service” means a service that consists in the provision of access to, and of facilities for making use of, a telecommunication system (whether or not one provided by the person providing the service)"
- this Bill could theoretically, as currently drafted mean that we might be obliged to keep "who, what, when and where" records of family and friends social gatherings which involve listening to music, TV watching, internet or mobile phone use, electronic gaming or just chatting.

Wendy Grossman summarises it nicely:
"So we're talking - again - about spending huge sums of government money on a project that only a handful of people want and whose objectives could be better achieved by less intrusive means. Give police better training in computer forensics, for example, so they can retrieve the evidence they need from the devices they find when executing a search warrant.
Ultimately, the real enemy is the lack of detail in the draft bill. Using the excuse that the communications environment is changing rapidly and continuously, the notes argue that flexibility is absolutely necessary for Clause 1, the one that grants the government all the actual surveillance power, and so it's been drafted to include pretty much everything, like those contracts that claim copyright in perpetuity in all forms of media that exist now or may hereinafter be invented throughout the universe. This is dangerous because in recent years the use of statutory instruments to bypass Parliamentary debate has skyrocketed. No. Make the defenders of this bill prove every contention; make them show the evidence that makes every extra bit of intrusion necessary."

So much for the promising promises of the then new coalition government in 2010 "to reverse the substantial erosion of liberties under the Labour government". Henry Porter's optimism at the time has given way to weary disappointment as he points out that the authoritarian forces within government pressing for a surveillance state are alive, well and thriving,
"the onerous truth is that the price of liberty is eternal vigilance...
We should not let this bill pass."
Indeed.

No comments: