Round-up: Scrambling for Safety 2012
On Thursday 19th April, Privacy International - in partnership with the LSE, the Foundation for Information Policy Research, Open Rights Group and Big Brother Watch - hosted Scrambling for Safety 2012, a discussion of the Home Office's new plans for mass interception in the UK. Around 200 people turned up (despite the sporadic but torrential rain!), and the number of insightful, well-informed questions from the audience proved to us that the Home Office is not going to get this one past the British public without a fight. The event was livestreamed and videos of each panel are now available to watch. Many thanks to everyone who came and contributed.
Privacy International's Gus Hosein kicked off the event with a summary of the recent history of communications surveillance in the UK, comparing Labour's Interception Modernisation Programme (IMP) with the Coalition's Communications Capabilities Development Programme (CCDP). Despite the current government's insistence that CCDP is radically different to its predecessor, Gus explained that in fact the two programmes are effectively identical. Proponents of CCDP have been hammering home the fact that it does not involve a centralised database, but in fact neither did IMP; the idea of a central database was floated in 2006 but subsequently dropped. Obfuscation and misdirection seem to have become valid political tools, creating a knowledge vacuum in which bad technological policies get pushed through simply because no one quite understands them.
The first panel discussion was opened by Shami Chakrabarty, Director of Liberty. She asked whether the logical end to the Home Office's plans would be a microphone and camera in every home, given that the justification for CCDP was the idea of pre-emptive, untargeted surveillance and statistically every home is likely to become a crime scene at some point. Her observation "They say the innocent have nothing to hide - but they do have something to protect" would have made an appropriate strapline for the whole event. The two MPs on the panel - Julian Huppert and David Davis - both lamented the lack of technical know-how displayed by Parliamentarians and civil servants, suggesting that even CCDP's supporters don't really understand the implications of what they're championing. Huppert also bemoaned the practice of giving civil servants dual roles, thus creating serious conflicts of interest - the prime example being Charles Farr, Director General of the Office For Security and Counter-Terrorism and a serving MI6 spook - while Davis warned that if CCDP went ahead it would threaten the whole concept of whistle-blowing in the UK.
Ross Anderson of Cambridge University elucidated some of technical details to the audience, explaining that once the black boxes at ISPs and phone networks are in place, GCHQ will gain the ability to access content as well as traffic data - the question is not just whether we trust the current government, but whether we are prepared to trust all future governments with this kind of power. The distinction between 'content' and 'traffic data' has been one of the major points of discussion since the Home Office's plans were revealed by the Sunday Times on April 1st; the Home Secretary and others have been eager to point out that "no one is going to be looking through ordinary people’s emails". However, in a technical briefing between panels, Professor Peter Sommer of the LSE explained that the distinction is increasingly blurred and useless, and that what we might classify as 'traffic data' could in fact contain more valuable information than the content of communications.
Anderson also raised the question of export controls on surveillance technology, an area that Privacy International has been working on for about eighteen months. He argued that the reason the Department for Business, Innovation and Skills is stalling on imposing export controls is because they want British-manufactured surveillance technology - with backdoors for GCHQ built in - installed on networks in countries like Syria. In other words, the government are deliberately allowing dangerous technologies destined for use as tools of political control and oppression out of the UK because it gives them quick and easy access to foreign intelligence.
The second panel also included Professor Douwe Korff, who gave a presentation on the legal implications of CCDP - like Shami Chakrabarti, he concluded that preventive, indiscriminate, long-term, suspicionless mass monitoring would breach Article 8 and thus be unlawful. Sir Chris Fox, former President of the Association of Chief Police Officers (ACPO), was also in almost complete agreement with Chakrabarti, stating plainly that the kind of information gathered by the black boxes would very rarely be useful in police investigations. A retired Special Branch police officer who was in the audience subsequently spoke up to agree that the amounts of data gathered by mass surveillance were incredibly unlikely to aid policing, giving the example of the Toulouse gunman, who was under police surveillance before the attacks in March (police were unable to detect and thus pre-empt his plans because they didn't have time to sift through the vast quantities of communications data available to them). Sir Chris told the audience that terrorist incidents in the UK at some point in the future were an inevitability, but that this (relatively minuscule) risk was balanced by living in a free society.
Two voices on the second panel seemed controversial for a predominantly anti-CCDP audience. Liberal Democrat MP Tom Brake had unfortunately arrived late and missed Gus's opening speech, as he proceeded to speak at some length on the "original proposal" of a centralised database! David Smith, a senior executive at the Information Commissioner's Office, also provoked an irate reaction from the Twittersphere by claiming that the ICO would ensure that CCDP was implemented in a "privacy-friendly" way if passed by Parliament.