The debate on the Investigatory Powers Bill has focused a lot on the new extension to police powers, and the collection of “Internet Connection Records” to keep a log of everyone’s web browsing. Critics like myself worry about the ability this creates to see into everyone’s most intimate thoughts and feelings; while proponents are prone to say that the police will never have time to look at irrelevant material about innocent people.
However, the really novel and threatening part of this proposal isn’t being given anywhere near the level of attention needed.
The truly groundbreaking proposal is the “filter”, which could be seen as a government Google search to trawl your call records, Internet and location data. The filter is clearly named so that it sounds helpful, perhaps boring or else maybe something that filters down information so that it is privacy friendly. It is anything but. It is so intrusive and worrying, I would rather you think of the Filter as the PHILTRE: the Police Held Internet–Lets Them Read Everything.
Remember when these proposals started, back in the late 2000s, under the last Labour government? Maybe not, but that’s how long Home Office officials have been trying to make this happen. Their original plan was to build a single database that would store everything they could find about who you email, message and what you read — and where you are, as logged by your mobile phone. Place all that information in a single searchable database and the dangers become obvious. So obvious that the Conservative opposition was up in arms.
How on earth would you stop abuse, if all this information was placed into a single database? Surely, it would lead to fishing trips, or police searches to find lists of all the environmental protesters, trades unionists or libertarians, and to identify who it is that seem to be their leaders? How would you stop the police from producing pre-arrest lists of miscreants before demonstrations, or from deciding to infiltrate certain public meetings? Indeed, who would be able to resist using the database from working out who was at the location of relatively petty offenses, perhaps of littering or vandalism, or calculating who had been speeding by examining everyone’s mobile phone location data.
So the current government does not want try to hoard everyone’s data into a single database. Instead, they’ve come up with the PHILTRE, which can query lots of smaller, separate databases held by each private company. As this PHILTRE can be applied to separate data stores, all at once, we are in effect back with a proposal for a single government database and all the same problems — but in a way that government can claim that it “is not a single government database”.
But as long as the data can be queried and sorted in parallel, it becomes immensely powerful and just as intrusive. For instance, for a journalist to protect against revealing a whistleblower, they would need to avoid not just phoning them, but meeting them while both were carrying their mobiles and creating matching location logs. All of the profiling and fishing expeditions are just as easily achievable.
Most worrying is the authorisation process. Police, agencies and tax authorities will continue to authorise their own access of our personal data, just as they do today with phone call records — there’s not a judge anywhere near the day to day use of this search facility.
The Home Office is selling this Google-style search through the population’s mind as a privacy enhancement. Only the relevant search results will be returned. Masses of irrelevant information about other people will not have to be given to officers. They give the example of mobile phone mast data — where the filter could cut the required information down to just that about the person you need to know about.
This might sometimes be true. But two things make me suspect this is a highly partial story. For one thing, the search engine can tell you about the kinds of things it thinks it might tell you — perhaps social graphs, location histories, dodgy website visits, organisations supported — before you ask it. This is to educate and help police get the right information. It is also an invitation to make increasing use of the tool. If it is limited in its purpose, this seems an unnecessary step.
Secondly, there are no limits to what results the search engine might be asked to produce. Nothing for instance, says that only a single person or place can be searched against, so that only one person’s contacts might be returned, or just the people at a single crime scene. Thus the prospect of fishing trips is given no legislative limit. The only serious limit is that this information might be kept for no longer than 12 months.
For years privacy campaigners have been trying to explain how your web history and location data can be dangerous tools for personal and whole population surveillance. Now it seems the UK government wants to engage in a whole population experiment to show us what it really means. Parliament, the courts, but most of all, you, can help stop them.