Skip to content

Blog

Balancing the Risks of the Communications Data Bill

Saturday, July 28, 2012

Like many of my generation, I have grown up expecting the rich benefits, and accepting the unique risks, an open and free internet presents.

I do not pretend that this medium for open exchange does not, at times, facilitate truly terrible things. I do not deny that the lives and security of millions of people are, at times, put at risk by this platform.

Behind the Black Boxes

I seek to urge balance — balance between the competing demands of liberty and security. A balance of the risk of crime that is faciliated by free communications with installing tools and technology that could so easily be abused by those charged with protecting our safety.

The UK government, like many others at this point in time, is planning to introduce widespread surveillance of internet communications, in the form of the Communications Data Bill.

They will collect the ‘communications data᾿, the metadata of with whom we communicate, through traditional channels like email, but also through any number of third-party services. This will require them to employ deep packet inspection on all our internet traffic to extract the data that they would, under the Bill, be lawfully allowed to store.

But:

  • Who will make the ‘black boxes᾿ that will be doing all the collecting?
  • If the ‘black boxes᾿ are necessarily hunting through the whole communication for the communications metadata, how can we be sure that content will not also be collected?
  • Who will have access to these machines?
  • Are their access controls going to be subject to penetration testing by well-respected security researchers, so we can be confident that our data will remain under the control of the designated officials?
  • How do we know that the boxes have not been, and will not be, altered to do more than their original lawful task?

Our Patterns are Private

… unless there is good reason to suspect us of committing an offence.

One of the things that troubles me greatly is the proposal of storing the address of every website we visit. We are promised that the addresses of individual pages will not form part of this data, but nevertheless, an extraordinary amount of information can be inferred from a list of websites that an individual has visited.

Sensitive political information, medical details we have a right not to disclose, valuable commercial intelligence…

The more data that is accumulated, the more an abusive or corrupt agent can infer, and the more damage they could do. The information about where we go online also has a very high commercial value (as many internet companies are already well aware), making the likelihood of illicit commercial exploitation of this government-held data by rogue officials vastly higher.1

Unless there is reason to believe we have done something wrong, we have a right to withhold this information.

We should resist routine collection and storage of this information where there is no suspicion of wrongdoing.

The Balance of Power

Protecting citizens against risks to their safety is obviously a priority, and clearly a huge challenge. Many people devote their lives to doing so, and many people have made significant sacrifices in pursuit of security. I deeply respect these people, and the need for this work.

We must, however, limit the power we entrust to those who protect us. There will always be some who are liable to corruption, and some intent on harming us whilst purporting to do the opposite.

We have to balance the risk posed by ‘others᾿ — criminals, terrorists, rogue states, with the risk posed by those inside the system who may exploit us with it.

Unfortunately, the abuse of power is made much more efficient where technology is involved.

The wide, sweeping powers of surveillance that the Bill mandates afford dangerous levels of power that are all too easily turned against us. We might trust this government and the software they put on the black boxes that watch all our traffic. What about the next one, and the software they load onto these machines? What if a group much less trustworthy are able to seize these powers in the future? What if the collection and storage technology itself is fundamentally insecure?

It is much easier to resist these overbroad powers now, than to try and re-balance rights and risks later.

Think

I ask that if you do nothing else, spend a little time thinking about these balances of power, and balances of risk.

If, like me, you read between the lines of the Bill and find these balances troublingly one-sided, then write to your MP and write about this issue. Make your voice heard.

Rightful liberty is unobstructed action according to our will within limits drawn around us by the equal rights of others. I do not add ‘within the limits of the law’ because law is often but the tyrant’s will, and always so when it violates the rights of the individual.

— Thomas Jefferson.

1: The UK᾿s recent huge press scandal has highlighted the issue of corrupt law enforcement officials giving privileged access and preferential treatment to private media companies. It is naïve to believe that this risk will not present itself again. The best way to protect against this kind of corruption and exploitation is to limit the collection of and access to our private data.

Filed under Thoughts | Comments (2)