Sam Smith’s work focuses on using the Internet for civic good, and he has been advising Privacy International since January 2012. He has worked on a range of human rights technology projects, building search engines about violence in Chechnya, wrangling data about political violence in Zimbabwe, and making research about modern slavery more accessible. He previously spent a decade working on research infrastructure in academia, and worked/volunteers with mySociety and the Nominet Trust, among others, around various policy interventions.
In October 2012 a group of international civil society organisations and others spent several days devising principles to guide communications data surveillance and law enforcement access to communications data. This discussion about matching human rights protections with communications surveillance demands has involved experts from across the world. The current draft principles can be found at http://www.NecessaryAndProportionate.net.
Those principles set out that “activities that infringe on the right to privacy, including the surveillance of personal communications by public authorities, can only be justified where they are necessary for a legitimate aim, strictly proportionate, and prescribed by law”1.
Throughout the Communications Data Bill process, the Home Office has appeared incapable of engaging with this sort of outside expertise or debate. As the Joint Committee stated, “industry, technical experts, lawyers and civil liberties groups could all provide valuable input…but they were not given the chance to do so”.
The Home Office’s blinkers exclude perspectives that may help create a better, more technologically astute and proportionate approach to defining and fixing the problem of digital surveillance, and ignore the fact that law enforcement has access to far more detail on individuals than ever before. A suspect arrested today will likely be carrying significant detail on their movements and activities – evidence law enforcement would be able to use if they had the training to know that it was there.
The ‘filtering’ provisions in the draft Communications Data Bill allow law enforcement authorities to search data held by multiple telecommunications companies from a single interface. This allows matching and the chaining of queries, which may go as far as allowing authorities to be able to ask multiple questions to correlate devices from several persons.
A very specific query may return detailed information about countless individuals, even if they had no direct connection to a topic of inquiry. This may occur, for example, when an image embedded from a different website is loaded.
The Home Office claim that only the data matched will be shown to the law enforcement officer doing their search. However, this is little protection in practice. While the filter may make existing queries slightly safer, the expansion of future queries, those as yet unconceived, is unlikely to be considered openly. We welcome the Home Office’s embrace of agile development methods, however, the impact on civil liberties is ill-considered.
Evidenced by their attempts to include encrypted content in the retention policy, it is clear that the Home Office has difficulty understanding technical challenges. Instead, a claim of “National Security” trumps all and inhibits a proper conversation of what will work and be proportionate.
Development of the filter for data mining and complex queries will be designed and implemented without public consultation. The ISC report states that “evidence we have taken suggests that the filter will have to be constructed on an incremental basis, with rigorous testing and validation at each stage.”
The hyperbole of urgency
The available evidence does not support the Home Office’s hyperbole of urgency. Even if passed now, the bill would not be fully operational until 2018, and it is an attempt to solve a problem from 1998.
The Intelligence and Security Committee’s report into the draft Bill states that for “the largest operation of its kind ever mounted by the Security Service” (prior to 7/7), less than 40 individuals were listed as having their full communications data histories analysed.
Of the “more than 4,000 telephone contacts” these persons had, the “vast majority of these calls or texts were wholly unconnected with attack planning or the wider facilitation network (and may have been as mundane as calling a takeaway restaurant)”.
Obscured in a fog of secrecy and urgency, the lack of understanding of technology and Internet processes shown should be of deep concern to all. The proposed filter will be constructed and reconstructed to operate under and around a legal regime which is fundamentally unsuited to modern technology, let alone the challenges of agile development methods.
In summary, the draft Bill facilitates secret fishing expeditions, requiring surveillance of everyone. Police already have access to vast amounts of material from the mobile phones and computers of those arrested. As the ISC has previously stated in the context of their 7/7 inquiry report, “The focus then, rather than on gathering more intelligence, will be on the need to make better use of the intelligence they have gathered.”2
2. Review of the Intelligence on the London Terrorist Attacks on 7 July 2005. UK Parliament, 2009. http://isc.independent.gov.uk/committee-reports/special-reports
A longer version of this note is available at www.PrivacyInternational.org