British taxpayers to pay to build the haystacks for the government to hunt for needles in
via Flickr © hyku (CC BY 2.0)
- A sledgehammer to crack a few nutcases.
- It'll cost at least £2 billion (and probably much more) to implement the Investigatory Powers Bill.
- But because the government says the price could 'damage' the country's technology sector the public must themselves pay the cost of their being snooped-on.
- Proposals so vague and confusing that even a Conservative-dominated government committee asks for clarification and assurances.
Yesterday the Science and Technology Select Committee (STSC) of the British House of Commons reported that complying with the provisions laid out in the draft Snooper's Charter would cost ISPs and broadband businesses so much that they would lose competitive advantage against overseas providers if they had to provide and pay for all the necessary surveillance equipment themselves. It seems only the public purse is deep enough to meet the bill. That's because it is constantly topped-up by Britain's faceless little people who have to pay tax or suffer some serious consequences while the likes of Google can a pay a bit voluntarily every decade or so if they feel like it.
The remit of the STSC is to concentrate on the feasibility and cost of the technology that would be required to be installed at ISPs to comply with the Investigatory Powers Act (it is still a 'Bill' at the moment having not yet been voted upon). The proposed legislation, which is a steam hammer to be used to splat a few raving terrorist nutcases, is highly controversial and, once made law, would require Internet Service Providers to keep and archive on a rolling 12-month basis, all the Internet activity of every one of their subscribers. Then, when ordered to do so, to hand it over, on demand and without the production of a warrant, to the police, the security services and/or other shadowy government agencies.
It is up to another body, the Joint Committee on the Draft Investigatory Powers Bill, to assess whether the legal powers that it would be granted if the Bill goes through in its current form are actually proportionate to the threats that the Act is supposed to prevent. The Committee is expected to publish its finding by the middle of this month so this could well be the last time that many will be able to send a few risqué St. Valentine's Day messages in the real anonymity and privacy that custom demands. Next year faceless apparatchiks somewhere could well be having a snigger at your passionate postings.
When the Home Secretary (the UK's equivalent of a Minister of the Interior), a post currently held by the combative Teresa May, introduced the Bill in mid-2015, she assured all and sundry that the authorities would not be able to access individual web pages browsed but only basic data such as generic domain names, such as telecomtv.com.
ISPs and others with more than the merest nodding acquaintanceship with the concept of data storage and manipulation told the government that it would not be possible to sort data in that way without building a new, truly monstrously huge and monstrously expensive system. They were largely ignored.
Parliamentary committee has "widespread doubts."
And now the Science and Technology Select Committee, on which the Conservatives have the majority (and who are the natural, partisan and de facto supporters of the government line) have come back to say that the proposals are "vague and confusing" in general and particularly concerning in the specific area of exactly what constitutes "Internet Connection Records" (ICRs). An ICR is supposed to be a list of all the domains a subscriber has connected to, but not a list of individual URLs.
The STSC chairperson, Nicola Blackwood the Conservative MP for Oxford West and Abingdon said: "There are widespread doubts about the definition, not to mention the definability, of a number of terms used in the draft Bill." She added, "There remain questions about the feasibility of collecting and storing Internet connection records including concerns about ensuring security for the records from hackers. The bill was intended to provide clarity to the industry, but the current draft contains very broad and ambiguous definitions of ICRs, which are confusing communications providers. This must be put right for the bill to achieve its stated security goals."
The STSC also raised red flags on surveillance agencies and operatives being allowed to indulge in "equipment interference" - weasel words that actually mean 'state-sponsored hacking' as well as the sinister sounding power of "decryption-on-demand", a soon to be statutory requirement that will result in manufacturers being forced to make their encryption weaker - which will, in turn and of course, attract increasing numbers of malicious hacking attacks.
Nicola Blackwood commented, “Encryption is important in providing the secure services on the internet we all rely on, from credit card transactions and commerce to legal or medical communications. It is essential that the integrity and security of legitimate online transactions is maintained if we are to trust in, and benefit from, the opportunities of an increasingly digital economy.”
Let the last word be with Ross Anderson, the Professor of Security Engineering at the Computer Laboratory, University of Cambridge in England. This is a man who knows what he is talking about and in his submission to the Committee he wrote, "The right way to get around encryption is targeted equipment interference, and that is hack the laptop, the phone, the car, the Barbie doll or whatever of the gang boss you are going after, so that you get access to the microphones, to the cameras, and to the stored data. The wrong way to do it is bulk equipment interference.”
And that's the point. The security services already have wide-ranging powers, are adept and expert at intelligence gathering and are able, with a warrant, to hack and otherwise gain access to the devices and communications of suspected terrorists and the tiny minority in the country who are involved in organised crime.
The UK government, in citing potential terrorist attacks as the reason to introduce legislation to compel ISPs to sweep-up and keep mass data on millions of innocent, law-abiding British citizens, is abrogating to itself, and other governments that will, in due time follow it, overweening and repressive powers that are unlikely ever to be repealed.
What we will get though is mission creep. You can bet on that. And don't make a fuss. After all if you are not doing anything wrong why would you have any cause for concern if Big Brother decides to invade your privacy on a lifetime long basis? It is for your own good. Well, Winston Smith found out the reality of that, didn't he?
In response to the STSC report a Home Office spokesperson (believed to be a certain Mr.O'Brien) said the ministry "will study the report's findings." Wonderful. That augers well and we can all sleep safely in our beds.