April 03, 2012 | Jim Killock

Surveillance CCDP plans: the key questions

ORG has been following the CCDP plans for two years, as they have crept up through policy papers, government statements and budget plans. Consistently, but ineffectively, the government has tried to deny that the plans are problematic.

However, we do believe the plans may be changing in significant ways. There is a probable shift to asking Internet service companies like Google for swift access, rather than collecting all of the data through ISPs.

Let’s examine some of the key questions. (See PI's blog and FAQ as well)

1 Lack of warrants for communications data

Communications data in the UK is produced through authorized requests by trained police officers. No judge, court or warrant is required. Traditionally, the claim has been that “communications data” is pretty trivial. But as more and more data amasses, it is actually very intrusive and highly revealing.

Don’t be fooled. The current system of simple police self-authorized requests is very poor, and new access to more data demands higher safeguards: that is, going through a court.

2 “We’re just maintaining capacity”

This is the extraordinary claim that the security services are making. That much more of our lives are online, that this information maps our whole histories and social lives, that this is different from a record of phone call we made seems to be evading the security services.

Requests for communications data now represents a very high level of surveillance, and as such should be governed by courts, not the police, and certainly should not be available through automated systems.

3 Will the government go to Facebook and Google directly, in “real time”?

Increasingly, it seems that the plans are changing, so that the government will go to the companies to get the data from them, maybe in “real time”. Thus, with even lower barriers, huge amounts of data could be given to police from extremely detailed social maps that we have voluntarily created.

In the USA, Google and Facebook are campaigning for much tighter controls than the judicial authorizations that are already required. Do their UK customers really deserve less protection?

4 What about encryption?

Nobody yet has suggested that the government breaks encryption to read the communications data they claim to want access to. Yet that is the logic of the path they are suggesting, especially as sites will be very keen to encrypt if the government is reading the traffic. Encryption is a vital tool for commerce and business

5 Will it work?

Nobody really seems to think it will work. The need to investigate real offences of course could be dealt with through the courts. But gathering masses of data, or making it extremely accessible, seems to introduce risks without real benefits.

6 What about trust? And the economy?

The priority of this government is economic growth. The Internet economy is actually growing. Yet it depends on trust. Declaring a surveillance culture to be integral to the Internet will keep people away from the Internet and undermine our trust. if the government seeks to break encryption, this will be even more dangerous, as banking and other information could be made vulnerable.

But even more than that, the £2bn price tag, which will almost certainly prove to be too little, is money that will not contribute to economic growth. Investing in mass surveillance tools will not deliver growth, and will not tackle crime.