I wrote the following letter, which will be going to my MP tomorrow morning.

I am writing to ask you to oppose the recently reported Government plans to introduce much more pervasive monitoring of online activity. It seems clear that these plans are deeply flawed on a number of levels, and I'm very concerned (particularly speaking as a [my occupation in the IT industry]) about the possible impact on both civil liberties and the IT industry as a whole.

The plans, as reported by the BBC, would apparently involve requiring internet service providers (ISPs) to provide records of their users' emails, social networking and web use to GCHQ on demand, without warrants. These records would be sufficient to determine the recipients of emails sent by users, the list of sites that they had visited, and the amount of time spent in contact with others.

My first objection to these plans is from a civil liberties perspective. At present, this information is protected by considerable legal force, such that any request for it would need at least some form of judicial review. Removing this judicial oversight both gets rid of a short-term protection from the abuse of this power (and it is very evident that power of this type is frequently abused – witness the use of the Regulation of Investigatory Powers Act 2000 to spy on parents who are suspected of not living in the catchment area for a particular school) and means that such abuses would not be recorded in any way that could result in their later prosecution. Even if we were to trust the current governmental security services with this power (and I generally do), it is extremely dangerous to put such a power at the disposal of any and all future governments.

Secondly, the proposed plans would not be of any real benefit in terms of preventing crime or terrorism. It is trivially easy to defeat this kind of network surveillance in several ways, either by using a service such as Tor to route one's requests and emails through a network of anonymous servers, or by using an encrypted Virtual Private Network (VPN). Both of these technologies are freely available and widely known (my workplace has been using VPNs frequently for years), and any organised crime network or terrorist cell with any kind of competence is almost certainly already using them. In short, the surveillance plans as put forward would do no good at all in catching criminals, but would do a fantastic job of invading the privacy of innocent citizens.

Thirdly, the security implications of requiring ISPs to keep detailed records of everything that a user does are immense and worrying, in no small part because it is difficult to predict what could happen if these records were released to the public (through incompetence, hacking, a disgruntled employee, or any other scenario). To give you an example, in 2006 AOL released a large text file containing web searches made by many of their customers. Although they had had the foresight not to put names or personally identifying details beside each of the searches, because people tend to search for things personally connected with themselves, it became very easy to work out who these people were, resulting in a huge loss of privacy for the people concerned.

Embarrassing though such an event was, it would be as nothing compared to what could happen if an ISP's user data collected in accordance with the Government's surveillance plans were to be released. Such an event could quite easily result in identity theft and fraud on a massive scale, not to mention the accompanying loss of confidence in both the ISP in question and the wider IT sector – a loss of confidence that we can ill afford, given the current economic situation!

In short, the proposed surveillance plans are nothing short of a disaster on all fronts, and I would urge you to oppose them strongly should they appear in the forthcoming Queen's Speech.

