Skip to content

Balancing the Risks of the Communications Data Bill

Like many of my generation, I have grown up expecting the rich benefits, and accepting the unique risks, an open and free internet presents.

I do not pretend that this medium for open exchange does not, at times, facilitate truly terrible things. I do not deny that the lives and security of millions of people are, at times, put at risk by this platform.

Behind the Black Boxes

I seek to urge balance — balance between the competing demands of liberty and security. A balance of the risk of crime that is faciliated by free communications with installing tools and technology that could so easily be abused by those charged with protecting our safety.

The UK government, like many others at this point in time, is planning to introduce widespread surveillance of internet communications, in the form of the Communications Data Bill.

They will collect the ‘communications data᾿, the metadata of with whom we communicate, through traditional channels like email, but also through any number of third-party services. This will require them to employ deep packet inspection on all our internet traffic to extract the data that they would, under the Bill, be lawfully allowed to store.

But:

  • Who will make the ‘black boxes᾿ that will be doing all the collecting?
  • If the ‘black boxes᾿ are necessarily hunting through the whole communication for the communications metadata, how can we be sure that content will not also be collected?
  • Who will have access to these machines?
  • Are their access controls going to be subject to penetration testing by well-respected security researchers, so we can be confident that our data will remain under the control of the designated officials?
  • How do we know that the boxes have not been, and will not be, altered to do more than their original lawful task?

Our Patterns are Private

… unless there is good reason to suspect us of committing an offence.

One of the things that troubles me greatly is the proposal of storing the address of every website we visit. We are promised that the addresses of individual pages will not form part of this data, but nevertheless, an extraordinary amount of information can be inferred from a list of websites that an individual has visited.

Sensitive political information, medical details we have a right not to disclose, valuable commercial intelligence…

The more data that is accumulated, the more an abusive or corrupt agent can infer, and the more damage they could do. The information about where we go online also has a very high commercial value (as many internet companies are already well aware), making the likelihood of illicit commercial exploitation of this government-held data by rogue officials vastly higher.1

Unless there is reason to believe we have done something wrong, we have a right to withhold this information.

We should resist routine collection and storage of this information where there is no suspicion of wrongdoing.

The Balance of Power

Protecting citizens against risks to their safety is obviously a priority, and clearly a huge challenge. Many people devote their lives to doing so, and many people have made significant sacrifices in pursuit of security. I deeply respect these people, and the need for this work.

We must, however, limit the power we entrust to those who protect us. There will always be some who are liable to corruption, and some intent on harming us whilst purporting to do the opposite.

We have to balance the risk posed by ‘others᾿ — criminals, terrorists, rogue states, with the risk posed by those inside the system who may exploit us with it.

Unfortunately, the abuse of power is made much more efficient where technology is involved.

The wide, sweeping powers of surveillance that the Bill mandates afford dangerous levels of power that are all too easily turned against us. We might trust this government and the software they put on the black boxes that watch all our traffic. What about the next one, and the software they load onto these machines? What if a group much less trustworthy are able to seize these powers in the future? What if the collection and storage technology itself is fundamentally insecure?

It is much easier to resist these overbroad powers now, than to try and re-balance rights and risks later.

Think

I ask that if you do nothing else, spend a little time thinking about these balances of power, and balances of risk.

If, like me, you read between the lines of the Bill and find these balances troublingly one-sided, then write to your MP and write about this issue. Make your voice heard.

Rightful liberty is unobstructed action according to our will within limits drawn around us by the equal rights of others. I do not add ‘within the limits of the law’ because law is often but the tyrant’s will, and always so when it violates the rights of the individual.

— Thomas Jefferson.

1: The UK᾿s recent huge press scandal has highlighted the issue of corrupt law enforcement officials giving privileged access and preferential treatment to private media companies. It is naïve to believe that this risk will not present itself again. The best way to protect against this kind of corruption and exploitation is to limit the collection of and access to our private data.

Like this post?

If you would like to support the time and effort I have put into my tutorials and writing, please consider making a donation.

One Comment

  1. Maarten wrote:

    Great post. I agree that governments I wanting way too much control over the internet with the cover of. It’s for the safety and protection of the public, while I get more of the idea the government is behind the monopoly of large companies and trying to drain hard working people. Examples: Media Industry sticking to old business models, blocking of torrent and mediasharing websites, etc. The government doesn’t own the internet. It’s owned by the people, because the content of the web is created by the whole world and individuals contributing. That’s my opinion of the whole thing 🙂

    Thursday, August 23, 2012 at 08:56 | Permalink |

One Trackback/Pingback

  1. […] seems we have bounced from one consultation on a threat to the internet to another. The UK government is now consulting on the idea to introduce an opt-out ‘internet […]

Post a Comment

On some sites, you must be logged in to post a comment. This is not the case on this site.
Your email address is not made public or shared. Required fields are marked with *.
*
*
*

Posting a comment signifies you accept the privacy policy.
Please note — your comment will not appear straight away, as all comments are held for approval.