Thursday, December 27, 2012

Lord Carlile tells Lib Dems to 'grow up' over Comms Data Bill

Lord Carlile of Berriew was my immediate next door neighbour for the whole 13yr period he represented Montgomeryshire in the House of Commons. He was also and remains a good friend, and a man whose opinions I have always taken great note of. I suppose you could look on us as a early precursor to the current Conservative/Lib Dem Coalition. I respect his opinion, especially on legal matters. Today its being reported that he has told his Lib Dem colleagues to "grow up" in its approach to the Communications Data Bill. He has described some comments opposing the Bill as "irresponsible". And last week he said that the term "Snooper's Charter", (which is used by many who have contacted me as part of an email lobbying group's campaign) as a "complete traducement of the Bill". He's also makes the point that many private firms collect more intrusive information about us already. None of this surprises me because I met up with Alex two weeks ago for a coffee and discussion about all this.

Now its not only the Lib Dems who are concerned about the proposals in the Communications Data Bill. Plenty of Conservatives are concerned as well. And so are Labour, though Alex tells me the Bill is similar to proposals put forward by the Labour Gov't in 2007. I suppose that's what oppositions do. The reason I'd asked to speak to him about it was that I have an instinctive distrust in 'the state' accessing and holding any information about us that is not absolutely needed. No-one is better placed than Alex is to judge what is necesssary.

Most people who have raised the Bill with me in person (rather than email) have not known much about its content. Discussion seems to dilute their opposition. Gov't agencies already have access to communications data, but the law has not kept up with modern means of communication - mobiles, the web and social networking. The Bill extends powers to take account of modern technology. All it does is require providers to hold records so that 'approved' Gov't agencies can discover 'who, when,where and how' information - without having access to 'content'. Access to the information held would be granted only on a 'case by case basis', approved by a senior designated officer - with the whole process supervised by the Information Commissioner and the Interception of Communications Commissioner. Make of that what you will.

The questions we as MPs have to face is whether we are content to allow the Internet to operate as an 'unpoliced space' where criminals are free to roam, and whether the Communications Bill before us strikes the right balance between law enforcement and individual's privacy. Its no surprise that the Parliamentary process is leading to significant changes being made to the proposals. So far I've been publicly wholly supportive of the Home Secretary, even if I've shared some concern privately. Its a difficult sensitive issue


Mark Pack said...

It seems from your post that you put a fair amount of faith in the Interception of Communications Commissioner to oversea the system fairly and effectively.

However, the record of that post is an exceptionally poor one:

Is that really a system which you'd trust more data to?

George W. Potter said...

As someone who does actually understand the technical aspects here, let me make two points please.

Firstly, the amount of data storage required here is immense - nothing remotely comparable to it in both scale and detail is currently stored by the government or private companies. If you want an idea of the feasibility and implications of this then you should speak to someone who actually understands the technical aspects of it rather than an old friend who was born decades before the worldwide web.

Put simply, the amount of data required to be stored and how long it would need to be stored for is so great that it simply would not be practical to do. The cost alone would cripple businesses and making the system work would be nigh impossible. And that's without the massive security issues that would arise from so many companies having such large and detailed databases of such sensitive and private information.

Secondly, this information is very different from the information currently accessible by the government. The bill is based on the notion that data sent on the internet is like sending a letter - you have an address it comes from and an address it goes to - and that this can be monitored without needing to read the letter itself.

Unfortunately, the internet doesn't work like that. A huge amount of data is sent in packets in which the sender and recipient address are stored within the packet itself. This is the equivalent of a tin with the message, the sender address and the recipient address all inside it. You simply can't get the addresses without also accessing the message itself.

So for the bill to be implemented would mean these packets of data having to be opened. Which wouldn't just be the claimed "updating" of existing government powers to monitor who people communicate with but would also, in reality, force the recording of what people actually said in their communications - even if that wasn't the intention.

And, whatever you might claim, a bill which will result in all the details of people's communications with each other online being stored in massive databases for over a year, with serious security risks over who could access them, is a massive invasion of privacy. It is the equivalent of someone listening in and writing down a verbatim transcript of every phonecall made in this country.

And if you actually understood the technology in question, or had bothered to speak to someone who did, as was your duty as a legislator, then you would already know that.

Glyn Davies said...

Mark/George - I should make clear that I have concerns myself, and I thought I made that clear in the last paragraph - though at this stage I intend that they should remain private. Had never heard of the Interception of Communications Commissioner before! And Lord Carlile, as well as being my neighbour and 'old friend' was the UK Gov'ts advisor on terrorism legislation until last year.

Mark Pack said...

I'm sure you're not alone amongst MPs in not having heard of him (and kudos for being honest enough to admit it!).

As it's a post that reports annually to Parliament, there's an interesting side-issue there about how much accountability that really produces.
"Reports to Parliament each year" sounds good - but I think the lesson from this example is that it doesn't mean much in practice.

Glyn Wintle said...

Have you read the cross party committee report that spent months looking at the bill and then slated it.

glyn moody said...

I find it a little disappointing that you use the phrase "the Internet to operate as an 'unpoliced space' where criminals are free to roam": that is simply not the case.

The Internet is already subject to all the laws we have in this land. Indeed, there have been plenty of examples where existing laws are being used to address issues online without any problem.

What is not always appreciated is that the Comms Data Bill would represent a massive *expansion* of capabilities. In fact, this idea that the authorities are somehow "losing" the ability to monitor is also not true: the percentage of traffic they can monitor may be going down, but the volume is going up so fast that they are actually able to monitor far more today than in the past.

As a previous comment rightly pointed out, the new powers will not simply update existing capabilities, but push them much further because of the way the Internet works. In particular, the use of "filters" will allow arbitrary enquiries across the entire distributed database system - think Google for the entire UK population's Internet activity.

This is a huge overreach that has not been remotely justified by those asking for these powers. Certainly, it would make their lives easier - but so would installing CCTV in everyone's home, but nobody would call for that. In fact, the Comms Data Bill is the exact equivalent of putting CCTVs in everyone's home, but with digital not analogue recording: do you really want that for the UK?

AlecMuffett said...

I realise that it's a 'big ask' of a serving MP to invest time in cybersecurity philosophy, but the whole notion of the internet as a "space" which requires special policing is erroneous, as I demonstrate in my presentation on the topic at Slideshare.

In a nutshell the internet is communication, it is the transport of ideas rather than tangible goods. If we were to cast the notion of Cyberspace back into the 1950s we would have something like 'Telephoneworld' - where instead of "conmen" we would have "telephone criminals", and instead of corporate spies we would have "telephone espionage". If this sounds silly then why is "cybercrime" any less so?

In America they have a history of this - there are 1870/telegraph-era American "wire fraud" statutes precisely because of the focus upon means, not ends - and to deal with harmonisation of laws inherent in the notion of communication across states. In the end it's still fraud, or other forms of already-understood crime. We habitually confuse new mediums for the actions performed over them, and commonly decide that any new medium requires its own legislation and even policing.

The Internet *is* communication, between people and people, between people and services. It is unpalatable to Government to acknowledge that policing of communication demands filtering, and that filtering of communication is censorship. This unpalatability motivates the ongoing fiction that the internet is a space - cyberspace - which can be policed and even "defended" like the White Cliffs of Dover - but if someone ever asks "What are the boundaries of British Cyberspace?" they government never be able to provide a satisfactory answer, for there is no answer. One might equally ask "what are the boundaries of 'British Speech' ?"

And what is the proposal of CCDP? Nothing more than the demand to record every instance of whom talked to whom. As a LibDem, does that not make you feel concerned?

From inside the party I would recommend @DrJennyWoods to discuss the matter. Or even Mark Pack. :-)

Alec Muffett,
Network Security Consultant and Architect