News reaches us that Theresa May wants to re-introduce the “Snoopers’ Charter” – public legislation with secret implementation that has far-reaching effects on the ability of Britain’s Security Services to spy on us and our communications.
The bill will soon be read in Parliament, and it’ll pass. It will formalise the right of the state to intercept electronic communications, force internet businesses to collect and store data on browsing habits and social networks, and reduce parliamentary oversight of the security services.
Governments want to know what you know – ostensibly to solve crime. They want to maintain the right to open your letters – without acknowledging that the nature of communication has changed.
The right to listen in to the kind of casual conversation that happens over WhatsApp or Facebook messenger is akin to the right to put microphones in plastic flowers on coffee shop tables. Well, it won’t fly; it never does. Private business will take the decision out of government hands.
Whatever happens, the changes will be subject to the law of unintended consequences. You can see it in the headlines if you look for the work “backlash”.
- WashPo – Google encrypts data amid backlash against NSA spying
- Wired – Facebook Loosens Privacy Controls, Sparks a Backlash
- HuffPo – Obama Faces Backlash Over New Corporate Powers In Secret Trade Deal
Jimmy Wales, Wikipedia co-founder – has already said that Wikipedia will encrypt UK-bound internet traffic. Others will follow suit – rendering ISP collection useless and dramatically reducing the state’s ability to spy on us.
Two years ago, as a result of Snowden revelations that US Government agencies has been hosepiping data from their internal networks without permission or oversight, Facebook and Google both implemented Perfect Forward Security – a super-strong form of encryption and a massive “Fuck You” to the NSA.
Security Services in both British and US Governments whisper about an impending “data black-out” – the ultimate effect of widespread use of encryption by the population, where even with a search warrant or ministerial approval, your emails, search history, and IM messages simply can’t be read except by you.
Well, good. For years now, in total secrecy, successive governments on both sides of the Atlantic have known of – and approved of – a huge, unrestricted surveillance operation that sweeps up all your telephone conversations and internet traffic. All of it. Who you spoke to, for how long, and what you said. Where you were when you made the call. Who you emailed. Which websites you visited. What you googled for. Your online banking data. Your dating profile.
They knew if you were having an affair, they knew if you liked whips and chains. They made a concerted effort to unscramble any encryption you were using. They broke laws.
None of this was in any election manifesto, none of it had any democratic oversight, and none of it has made the slightest positive difference to legitimate law enforcement activities.
Our governments’ approaches to justifying this behaviour is subtly different – both try and persuade us that our data is being kept secure and only read when necessary, and both insist it is necessary for national security, but where the UK emphasises paedophilia and child kidnapping, the US plays on overblown fears of terrorism and a loss of global power.
The truth is, these are just words. Aside from the fact that terrorists acts and kidnapping are statistically insignificant, the actors involved in this surveillance have committed horrid crimes from the comfort of their desks. “LOVEINT” is the cutesy name given to the practice of checking up on the emails and browsing patterns of an ex partner. Isn’t that nice? These people are here to protect us. National Security. Anti-terrorism. It’s for your safety.
And as for all those tragedies that have been averted, the atrocities intercepted at the crucial last moment, the Holmesian puzzles solved – none of it happened. An Executive Branch board said as much in early 2014:
“We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation,”
A single instance. So what’s it for? Fight it.
Security by Default
Thankfully, things are moving in the right direction. Apple and Google have – despite hand-wringing protestations from law enforcement authorities – committed to enabling strong encryption by default in future versions of iOS and Android, respectively.
Traitor or not (not, clearly), the Snowden leaks have exposed to the world the extraordinary powers of the NSA, and have shown security researchers and mathematicians that they’re not the good guys. Sneaky, conniving, duplicitous, yes. Traitorous? Well, you decide.
It’s a welcome wake-up call for infrastructure developers everywhere – WhatsApp knows they have to fight the actual government to maintain your privacy. Facebook, Google, Apple, the same. Zuckerberg phoned Obama telling him to get his shit together. Security by default is the theme for the next decade.
The Right to Privacy
Is there a universal right to privacy? The only mention of the word in the Universal Declaration of Human Rights is a link to the privacy notice at the bottom of the page. But a lesser, more hole-ridden screed never was written. Look at article 11 then ask yourselves what happened at Nuremberg.
I’m not a believer in fundamental rights. Sorry, they don’t exist. Born free, lives in chains and all that stuff. While the UDHR is described as a recognition of existing inherent rights, it was rather an optimistic post-war manifesto written by Western powers, recognised by most, fully implemented by none.
But I do believe in right and wrong, I believe in social pressure, and I believe in the ultimate power of the people over the government. The nature of morality changes over time (thanks, Stonewall!) and legislation follows suit.
Towards a Market for Privacy
It’s simplistic to paint Google, Apple et al as the goodies and the British and American governments as the baddies. Apple has declared a strong commitment to privacy – Google less so. Facebook would sell you down the river for a glimpse of an advertiser dollar. But that doesn’t matter because data privacy is no longer a moral imperative – if it were, the nature of the discussion would be much different.
Rather, I believe privacy is now subject to market economics: it’s a scarce resource and – for some undefined unit – has a dollar cost. We need to throw cash at mathematicians and security experts, we need to lobby for an absolute right to privacy, and we need to support organisations like the ACLU and the EFF to fight the good fight on our behalf.