Tuesday, April 26, 2016

Liberty confront people directly with implications Investigatory Powers Bill

Liberty, with an aggressive confrontational 2 minute video opposing the provisions of the Investigatory Powers Bill, have been demonstrating that when people are accosted directly and immediately with the reality of personal data collection and intrusive privacy invasion, we do not like it.

"Would you let a stranger into your phone? The snoopers' charter won't give you a choice" reads their tag line. Posted earlier today it's only got 89 viewers so far.

Why, then, is it somehow acceptable if mass privacy invasion or bulk data collection/retention/ interception happens silently or invisibly or unobtrusively in the background whilst we don't pay attention? Might Liberty actually be suggesting that we have been a passively tolerant society for too long?

Friday, April 22, 2016

Monday, April 11, 2016

Privacy International & CassetteBoy v The Snoopers' Charter

CassetteBoy has made an amusing 2 minute video for Privacy International on the Investigatory Powers Bill.

Bill documents and the written evidence (that submitted by original 23 March 2016 deadline) to the Public Bill Committee examining the Bill are available here.

Speech by President Michael D Higgins at EUA Annual Conference

President of Ireland, Michael D Higgins, gave a wonderful speech at the European Universities Association Annual Conference last week. The official transcript of the speech doesn't have the section he delivered in Irish at the beginning but if you have the odd 42 minutes to spare and have any connection in any context with higher education, then take the time to watch and listen -

Succinct Irish Times report on the speech here.

My favorite extracts (quite a large chunk):
"There is a grave danger that debates about the role of the university are taking place in a narrow political and ideological space...
I suggest that at the present moment in Europe and far beyond it, insofar as policy makers focus attention on education policy, they tend to view universities in a rather utilitarian way, as foundations of new knowledge and innovative thinking, within the confines of existing trade, commercial and economic paradigms, paradigms that are fading but not without damage to social cohesion. 
They pursue, perhaps with their own best of intentions, their own project, rather than any change as a means of advancing social justice and mobility. They seek contributors to social and cultural dynamism irrespective of the distribution of the benefits. This is an approach wherein short-term concerns prevail over long-term developmental objectives.  
My purpose this morning, then, is to suggest a recall of some first principles of the necessary role of the university in society; ...
In doing so, we must first recognise that we live at a time when the language and rhetoric of the speculative market has become embedded in the educational culture and has brought some university practices down a precarious road. That reductive view has brought us, I believe, to a time of great questioning about the purpose of the university – much of which has been corrosive - and perhaps even to a moment of intellectual crisis.
It is in its extreme form a view that is based on an erroneous perception that the necessary focus of higher education must be on that which is utilitarian and immediately applicable. Such a view sees the primary objective of the university, and those who study within it, as being in preparation for a specific role within the labour market, often at the cost of the development of life-enhancing skills such as creativity, analytical thinking, and clarity in written and spoken expression. 
We have now reached, I believe, a juncture which sees intellectuals challenged to recover the moral purpose of original thought and emancipatory scholarship; a time when we must seek to recapture the human and unifying capacity of scholarship. 
Max Weber, the great 19th century social theorist, responded to the events of his time in the second half of the nineteenth century asa public task of an intellectual, accepting the requirement not only of radical thought but of the duty to communciate as part of a public discourse.  
Weber... prophesied an iron cage of bureaucracy, a dehumanised landscape within which conformity would be demanded to that which no longer recognised its original moral or reasonable purpose."
A bit like our modern education sector and beyond, says Michael D ...
" While Weber’s view might be seen as dystopian, we can certainly recognise some of the features he predicted in our contemporary situtaion, in which rationality has led less to what is productive or inclusive but at so many times to what is a speculative gambling that has consequences in so much global misery.
Our European crisis is at least as profound as that faced by previous generations of political and social theorists at the end of the 19th century, but our response seems to be so slow, even as so many European citizens sense, inadequate. That is among those who care. The crafting of a response to this crisis is, I believe, a widespread challenge and one which the Irish and European universities must embrace, insisting on remaining open to originality in theory and research, and committed to humanistic values in teaching. It is through the encouragement of creative and free thinking that our universities acquired their status in the past, and correctly claim it today, as unique institutions that accept the responsibiity of enabling and empowering citizens to to participate fully and effectively at all levels of society. This creative function must be cherished, nurtured and encouraged.
Too many, perhaps unknowingly, have accepted an ‘under labourer’ view of the university, indeed of intellectual work more broadly, as we seek to belong in a form of society/economy relationship where we have lost the capacity to critically evaluate... We cannot allow ourselves to sleepwalk through the crisis that an unaccountable, but reformable, form of globalisation presents.
In this context, the role of the university in enabling citizens to develop the intellectual tools to address the great challenges of our time, which include include questions of development and global poverty, of climate change and sustainability, and of conflict and displacement, is one which is vital. Indeed, that we have heard the call to be responsible in relation to climate change or to sustainable development, that it has been endorsed by world leaders, is due to responsible scholars, thoughtful scientists who have made the intellectual case for political action at the global level – who have combined scholarship with citizenship and activism.
In this wider social understanding of the university, its relationship with its students cannot in my view, without great loss, be reduced, then, to that of provider of any narrow professional training, guided towards a specific and limited objective and essentially disengaged from the academic experience which is fundamental to independent thought and scholarly engagement. Theirs must be a much broader rapport, one which introduces students to an intellectual life and allows them to develop a critical turn of mind as well as informing an ethical concern with their community and their planet.
At the pedagogical level... Learning from those who are passionate about their subject, face to face collaboration and regular engagement in organic debate and discussion, journeying into the false avenues as well as the fruitful ones, is central to a rich and fulfilling educational experience.
We see great challenges in contemporary research practice too ... we have witnessed in recent decades the marginalisation of political philosophy and social theory to rather narrow issues of administration and, under pressure of publication and peer competition, to that which can be easily measured. More and more pressure has come on universities and scholars to prove their relevance within a hegemonic version of the connection between society and economy that is destructive to social cohesion – one that has demanded a consensus on the desirability, not merely of economic growth, but of a singular, limited versions of economics. Scholarship requires the breadth and breath of culture for paradigm shift to happen.  
As a research subject, the role of the State as innovator or generator of social cohesion has to be recovered...
We have been living through a period of extreme individualism, a period where, in its early extreme version, the concept of society itself has been questioned. The public space has been presented as a competitive space of consumers rather than citizens...
Neither can there be any doubt that one of the contributing factors of our recent economic crisis was a failure of capacity and intention on the part of our citizens, as well as our institutions, to question, to scrutinise and to interrogate the concepts of individualism to which they were invited to aspire, and the insatiable consumption to which they were invited and which, over recent decades, were accented and prompted as alternatives to the models of public good and welfare. Our existence is assumed to be, is defined as, competing individual actors, at times neurotic in our insatiable anxieties for consumption...
The will to create bridges and to listen to each other with respect remains as critical in the academic sphere as it is in all areas of life. When scholars are prepared, in their pursuit of knowledge and solutions, to engage in inclusive and interdisciplinaryscholarsip, to take a broader perspective, and to learn from the viewpoint of others we can, as a society, only benefit from such an approach. 
If we wish to develop independent thinkers and questioning, engaged citizens, our universities must, while providing excellence in professional training, avoid an emphasis that is solely or exclusivity on that which is measurable and is demanded by short term outcomes. They must allow for the patience and the peace that is required for memorable university teaching and research."
Gold star.
"Fostering the capacity to dissent is another core function of the university. Third level scholarship has always had, and must retain, a crucial role in creating a society in which the critical exploration of alternatives to any prevailing hegemony is encouraged. "
Another gold star Mr President.
"Universities must surely be facilitated and supported, made free and funded, so that they may preserve their role as special places for the generation of alternatives in science, culture and philosophy. They must be allowed to flourish as spaces which develop that intellectual courage which allows the rejection of exclusive or excluding ideologies, and encourages the seeking of truth from fact and the production of alternative solutions and action. Universities must be places where minds are emancipated and citizens enabled to live fully conscious lives in which suggested inevitabilities are constantly questioned..." 
... it is the duty of the university to engage in shaping, and not simply reacting to, the fourth industrial revolution. Neither technology, nor its potential to disrupt, are remote extrinsic forces over which we as humans have no control. All of us, as members of a global society, must play our role in guiding the pathway of new technology into our society in a way that is ethical and moral. It is essential also, that public citizen support for the necessary public investment in universities is secured – and that the benefits from this investment are retained within the universities themselves and demonstrated to a supporting public.
The university must not be reduced to a component of the market place as it cannot exist, in its fullest sense, in an exclusively market world. The intellectual dimension of higher education is not one that can easily be measured, and universities must not be called on to perform solely in ways which lend themselves to metric measures of performanace. Digitisation has great possibilities for the effecting of positive transformation within our society. However, as with all tools of power, the ethical test is its use.
In our current circumstances in Europe and the world, it is here, in our universities, that we can begin to enact such transformative thinking as is necessary to create the foundations of a society that is more inclusive, participatory and equal. That transformative thinking will require a real change in consciousness. It is through critical and engaged pedagogy that we can be assured that we are engaging the educators of a generation that will have the capacity to understand and question the assumptions of any status quo, and to understand when that status quo must be challenged and how; a generation who will have the confidence and the wisdom to engage in alternative visions of what a society can be, and bring it into being.
I suggest that the universities and those who work within them are crucial in that struggle for the recovery of the public world, for the emergence of truly emancipatory paradigms of policy and research. It is not merely a case of connecting the currency, the economy and the people, it is about recovering the right to pose such important questions as Immanuel Kant did in his time – what might we know, what should we do, what may we hope?" 
Go raibh maith agat A Uachtaráin do chiall ag labhairt i gcónaí deacair.

Wednesday, April 06, 2016

Investigatory Powers Bill 2nd Reading Part 3: Joanna Cherry

The SNP's Joanna Cherry QC's speech in the debate on the day of the 2nd reading of the Investigatory Powers Bill in the House of Commons on 15 March 2016 began at 3.04pm. The SNP are substantively opposed to the Bill in its current form but abstained the vote later in the day.

Ms Cherry opened by expressing grave concerns about the Bill whilst noting the law in this area needs a thorough overhaul and that the police and security services need appropriate powers to fight terrorism and serious crime. These powers have to be necessary, proportionate and compatible with the rule of law and the right to privacy. The IPBill is seriously deficient on all these fronts and hence the SNP could not support it.

She went on to note the SNP feel the IP Bill is a "rush job" being pressed forward with insufficient time for scrutiny, when the ink was barely dry on the three parliamentary reports criticising the draft Bill. Just the previous week, the UN's special rapporteur on the right to privacy published a report seriously and specifically questioning the IP Bill (paragraphs 39 to 42) and its failure to meet standards set out in judgments of both the European Court of Human Rights and The Court of Justice of the European Union. The Tory jeering squad got lively at this point and Ms Cherry cheerily admonished them suggesting they might like to read the special rapporteur's report. It contains a careful explanation of recent case law and can't simply be dismissed lightly.

Good practice suggests surveillance should be targeted and facilitating warrants should be focused, specific and rooted (nearly said "rotted" there which would have been an unfortunate slip) in reasonable suspicion. Yet the so-called targeted interception warrants enable spying on groups of people or multiple organisations or premises. Bulk interception warrants require neither specificity nor reasonable suspicion. We're not talking merely about mass surveillance with this Bill but suspicionless surveillance. The national security test in the Bill doesn't actually even require a national security threat.

The powers to retain internet connection records and other bulk powers in the IP Bill go way beyond what other western democracies do and will set a very bad precedent likely to be copied elsewhere. Denmark's equivalent of ICRs didn't work and were abandoned. The US found bulk data collection unconstitutional and ineffective for counter terrorism. The government have to justify - and have failed to do so - why it alone should be allowed powers way beyond those available to other western governments.

The SNP, Ms Cherry continued, did not believe the government were providing sufficient time for consideration of the Bill. The Home Office published about 1200 pages of documents relating to the IPBill on 1 March. The suspicion was they were dumping large tranches of documents and rushing the parliamentary process to avoid proper parliamentary scrutiny.

The Home Secretary interrupted, rather irritated, complaining that she had made an effort to publish all necessary documents because opposition parties are always moaning the government fails to do so when publishing Bills. Ms Cherry responded that Mrs May misunderstood her concern - not that the documents had been published but that insufficient time was being given to scrutinise them. The SNP would not be bullied into supporting a mass surveillance Bill of dubious legality just to avoid being labelled soft on terror. They would not tolerate bogus charges of this nature for the crime of requiring proper parliamentary scrutiny of and justification for expansive surveillance powers.

The SNP's concerns, Ms Cherry said, were widely shared by many MPs on all sides, parliamentary committees, industry and the UN special rapporteur and 200+ lawyers that wrote to the Guardian. Another interruption came at this point from the government benches declaring the lawyers wrong. Ms Cherry suggested a look at the distinguished list of signatories, experts whose opinion deserves some respect.

That letter to the Guardian highlighted the problem of bulk interception. Generalised initial interception is the issue - this generality, lack of focus and specificity is what the lawyers are worried about.

Dominic Grieve intervened to agree if what was happening was the kind of generalised interception of electronic communications in bulk, outlined in the Guardian letter, it would be "a very serious matter indeed". He does not believe that this is what the IP Bill facilitates.

Ms Cherry accepted his sincere belief to that effect but disagreed with his interpretation of the Bill as do the 200+ lawyers and many others. And if she and many respected lawyers can have varied interpretations of such critical laws it highlights the importance of having clear and focused language on the face of the Bill. Vague language poorly understood can be twisted to the desires of those in authority in future and has been in this area in the past.

If the government want "world beating" legislation they can't simply go around violating international standards. The UK is still bound by the European Court of Justice and the European Court of Human Rights and the IP Act as it will become will likely be challenged and possibly struck down in those arenas. The government and their supporters may choose to follow Russia's approach from December 2015 and pass a law to avoid complying with international human rights standards but Ms Cherry wouldn't recommend it.

Ms Cherry challenged the oft repeated notion that we gain more security by sacrificing privacy. It is simply not backed up by any evidence. The government responded to the Intelligence and Security Committee call for privacy to form the backbone of the Bill by adding the word privacy to the title of part 1. That comes across as somewhat cynical. And mass data collection is ineffective and counter-productive. Swamping electronic haystacks with more hay makes it harder for analysts to find the needles. We need to do security more intelligently not blanket data collection and suspicionless surveillance.

The SNP have many problems with the IP Bill in its current form but she wanted to focus on four of these given her limited time.
  1. the legal thresholds for surveillance
  2. the authorisation process
  3. the provision for the collection of internet connection records
  4. bulk powers
Regarding legal thresholds for surveillance, the Government essentially want to subsume RIPA’s three broad, vague and "dangerously undefined" grounds for surveillance into the IP Bill. She welcomed the move in the direction of some judicial oversight but want the commissioners to have substantive oversight, not just judicial review, powers - not a double lock but an equal lock process. In technical legal terms she is concerned a less intensive standard of judicial review will be applied—more Wednesbury reasonableness than strict necessity and proportionality. Why not go as far as other countries like Australia, Canada and the US on judicial oversight? This would additionally help solicit cooperation from the big US technology firms.

There is a false assertion made repeatedly that ministers are accountable to parliament in the issuing of warrants. That is not the case and won't be here because warrants are generalised and will not be disclosed. Besides, disclosing the existence of a warrant is and will be a criminal offence under the IPBill. And requests in the House of Commons for information on warrants are brushed off with the national security excuse. Ministers are not accountable to the parliament for warrants, practically politically or democratically. So she doubts the IP Bill authorisation of warrants processes meet European court standards requiring independent judicial supervision.

On internet connection records, the case made for their collection and retention in bulk is fatally flawed. ICRs cannot be equated to itemised phone bills. ICRs are quite fantastically intrusive and David Anderson has pointed out they would not be countenanced in Germany, Canada or the US.
"What the internet connection records will show is a detailed record of all of the internet connections of every person in the United Kingdom. There would be a 12-month log of websites visited, communication software used, system updates downloaded, desktop widgets, every mobile app used and logs of any other devices connected to the internet. I am advised that that includes baby monitors, games consoles, digital cameras and e-book readers. That is fantastically intrusive. As has been said, many public authorities will have access to these internet connection records, including Her Majesty’s Revenue and Customs, and the Department for Work and Pensions, and it will be access without a warrant. Do we really want to go that far? There is no other “Five Eyes” country that has gone as far. David Anderson QC said: 

“Such obligations were not considered politically conceivable by my interlocutors in Germany, Canada or the US”
and therefore, he said, “a high degree of caution” should be in order."
Finally she turned to bulk power, suggesting they are a radical departure from both common law and human rights law. Parliament has never before been asked to vote on or approve bulk powers of this nature. They have been deployed in secret, something we only became aware of because of Edward Snowden. Whatever you think of Snowden, she shares the serious concerns of the UN Special Rapporteur on Privacy that these bulk powers are probably the most worrying part of the IP Bill. She quotes from paragraph 39 of his report:
"It would appear that the serious and possibly unintended consequences of legitimising bulk interception and bulk hacking are not being fully appreciated by the UK Government. Bearing in mind the huge influence that UK legislation still has in over 25% of the UN’s members states that still form part of the Commonwealth, as well as its proud tradition as a democracy which was one of the founders of leading regional human rights bodies such as the Council of Europe, the SRP encourages the UK Government to take this golden opportunity to set a good example and step back from taking disproportionate measures which may have negative ramifications far beyond the shores of the United Kingdom.  More specifically, the SRP invites the UK Government to show greater commitment to protecting the fundamental right to privacy of its own citizens and those of others and also to desist from setting a bad example to other states by continuing to propose measures, especially bulk interception and bulk hacking, which prima facie fail the standards of several UK Parliamentary Committees, run counter to the most recent judgements of the European Court of Justice and the European Court of Human Rights, and undermine the spirit of the very right to privacy."
She then concluded:
"The SNP is in favour of targeted surveillance. We welcome the double lock on judicial authorisation as an improvement, but it does not go far enough. Our concern is, quite clearly, that many of the powers sought in this Bill are of dubious legality and go further than other western democracies without sufficient justification. It is for that reason that we cannot give this Bill, in its current form, our full support. We will work with others to attempt to amend it extensively. Today, we shall abstain, but if the Bill is not amended to our satisfaction, we reserve the right to vote it down at a later stage." 

Thursday, March 24, 2016

Evidence to Public Committee examining Investigatory Powers Bill

There seem to have been 38 submissions of written evidence to the Public Parliamentary Committee scrutinising the Investigatory Powers Bill. Almost all raise significant concerns about the Bill. My tuppence worth has been published by the committee, much of it said here before.

Contributions from Center for Democracy & Technology (IPB36)Kevin Cahill (IPB37), the Bar Council (IPB38)Internet Service Providers Association (ISPA) (IPB31)Annie Machon (IPB16)Adrian Kennard (IPB13)Dr Paul Bernal, the Muslim Council of BritainIT-Political Association of Denmark (IPB20)Big Brother WatchtechUK (IPB27) are particularly recommended. I suspect the submission from Apple, Facebook, Google, Microsoft, Twitter and Yahoo (IPB21) will receive the most publicity.

Copy below of my contribution focusing primarily on the disproportionate nature of indiscriminate bulk personal data collection and retention. Excuse the dodgy formatting - Microsoft Word, in which I was obliged to submit the evidence, doesn't play nicely with Google's Blogger.

Submission to Investigatory Powers Bill Committee, 23 March, 2016

My name is Ray Corrigan. I’m a Senior Lecturer in the Maths, Computing & Technology Faculty of The Open University, though I write to you in a personal capacity.


1.       The Investigatory Powers Bill Public Committee is being required to analyse the long and complex Draft Investigatory Powers Bill in an unreasonably short timescale.
2.       I will focus this submission on one issue – the disproportionate nature of bulk collection and retention of communications data proposed in the Bill

Bulk collection & retention of communications data: circles of suspicion

1.       There is a fundamental misunderstanding at large in Westminster – the idea that collecting and retaining bulk personal data is acceptable as long as most of the data is only “seen” by computers and not human beings; and it will only be looked at by persons with the requisite authority with the aid of the Investigatory Powers Bill “filter” if it is considered necessary.  This is a seriously flawed but widely accepted line that has been promoted by successive governments for some years.

2.       The logical extension of such an argument is that we should place multiple sophisticated electronic audio, video and data acquisition recording devices in every corner of every inhabited or potentially inhabited space; thereby assembling data mountains capable of being mined to extract detailed digital dossiers on the intimate personal lives of the entire population. They won’t be viewed by real people unless it becomes considered necessary.

3.       Indeed with computers and tablets in many rooms in many homes, consumer health and fitness monitoring devices, interactive Barbie dolls, fridges, cars and the internet of things lining up every conceivable physical object or service to be tagged with internet connectivity, we may not be too far away from such a world already.[1]

4.       In the past two years both the Court of Justice of the European Union[2] and the European Court of Human Rights[3] have repeatedly rejected bulk indiscriminate personal data collection, retention and dissemination as incompatible with international human rights obligations.

5.       In Zakharov v Russia (2015) the European Court of Human Rights said authorisation for surveillance of phone communications “must clearly identify a specific person … or a single set of premises” and “that a system of secret surveillance … may undermine or even destroy democracy under the cloak of defending it”.

6.       In Szabo & Vissy v Hungary (2016) the European Court of Human Rights ruled those authorising surveillance must “verify whether sufficient reasons for intercepting a specific individual’s communications exist in each case.”

7.       Targeted not bulk surveillance is required.

8.       Leaving aside the legal situation, it is reasonable to suggest the guilty forfeit their right to privacy in connection with their nefarious activities. Authorities are entitled, also, to collect and peruse the data of the suspicious. Those in the suspicious category may be innocent but if law enforcement and the security services have a justifiable cause to harbour suspicion, they have a duty to investigate such persons. In the approach of the Investigatory Powers Bill the data of the innocent gets swept up in all this too. But that's not a problem, the government assures us, since law enforcement and the security services are not interested in the innocent.
9.       What do these circles of suspicion look like, however, if we consider relative proportions of guilty v suspicious v innocent by throwing some hypothetical numbers at the problem? Since successive government spokespersons for the past 16 years have talked in terms of thousands of dangerous individuals here, let’s start with the hypothesis that there might be 6,000 dangerous people and 600,000 suspicious types resident in the UK, in a population of a little over 60 million. If that is anywhere close to the real numbers the relative areas of our guilty, suspicious and innocents' circles look like this (with the innocent circle drawn first and the suspicious and guilty circles thrown on top) –
10.    So the collection – and/or the forced industry collection and retention for perusal by government authorities through the Investigatory Powers Bill “filter” – of everyone's data, in bulk, for investigatory purposes, begins to look somewhat disproportionate. And it is not just industry that may be obliged to collect this data. Data retention and other powers demands may even be visited upon those running private and home networks. (And equipment interference warrants - targeted, thematic and bulk – may also be targeted at private/home networks but that’s a whole other discussion which I’d recommend talking to Graham Smith, partner at Bird & Bird LLP, about). If the numbers of guilty rise to 600,000 and the suspicious to 6 million the picture changes again -
11.    By playing around with the relative numbers we can get a picture of how big we think the guilty and suspicious circles have to get, before we consider it proportionate to justify the bulk data collection and retention powers in the Investigatory Powers Bill.

12.    Even in that third scenario where it was assumed there were 600,000 guilty and 6 million suspicious, it doesn't look reasonable that the remaining 54 million or so innocents get dragged into the digital net of suspicion.

13.    The bottom line is that we only start to get a real picture of what the Investigatory Powers Bill bulk data collection and retention powers mean when we get into the detail of how they will operate or are expected to operate in practice.

14.    Internet connection records (ICRs) are one specific area of interest here, though it is still not clear, from the Bill or government explanations or associated documents, what exactly ICRs will be in practice. Government, or industry and others on government’s behalf, should not be collecting, indiscriminately, for perusal and analysis, primarily electronic or otherwise, the reading, viewing and listening lists and other online activities of the entire population. Especially not those of tens of millions of innocents. It constitutes an unnecessary and disproportionate abuse of power.

15.    I will conclude by drawing your attention to clause 78 of the latest version of the Bill, in which “relevant communications data” appears to be a catch all to cover the collection of just about any data. May I commend to you Graham Smith’s pictorial representation of what this appears to mean available with an informative commentary at http://cyberleagle.blogspot.co.uk/2016/03/relevant-communications-data-revisited.html

16.    As an engineer, s78 looks, to me, like this –
17.    Indiscriminate bulk personal data collection and retention should be removed in all its forms from the Bill.

[1] Executive Office of the President President’s Council of Advisors on Science and Technology Report to the President, [May, 2014], Big Data and Privacy: A Technological Perspective
[2] Digital Rights Ireland (C-293/12 AND 594/12, 2014), Google Spain v Gonzales (C-131/12, 2014), Schrems (C-362/14, 2015)
[3] Zakharov v Russia (Application no. 47143/06, 2015), Szabo & Vissy v Hungary (Application no. 37138/14, 2016)

Monday, March 21, 2016

Investigatory Powers Bill 2nd Reading Part 2: Dominic Grieve

Though I did not agree with them in their entirety, the contributions of Conservative Dominic Grieve and the SNP's Joanna Cherry were amongst the few well-informed inputs to the debate on the day of the 2nd reading of the Investigatory Powers Bill in the House of Commons on 15 March 2016. Mr Grieve's speech began at 2.53pm.

He explained the Intelligence and Security Committee, which he chairs, is satisfied that the government are justified, in broad terms, in seeking the powers in the Bill, including the bulk powers. The ISC also welcome the government's attempts through the Bill to bring greater transparency to surveillance powers and are keen to get away from the incomprehensibility of the Regulation of Investigatory Powers Act 2000.

The nature of the work done by the intelligence services, he said, means many of their powers need to be taken on trust. His experience as chair of the ISC and as Attorney General is that the agencies consistently act to high ethical standards. Yet even supposing, which to best of his knowledge is the case, none of these powers had ever been misused, it does not mean there should be no safeguards to prevent such misuse. Times and regimes change and standards might slip.

The committee were appreciative of the government making an effort to address some of their concerns. Mr Grieve welcomed movement relating to legal professional privilege but suspected there is still some way to go with this. The ISC were "disappointed that the Bill does not include a clear statement on overarching privacy protections" and the protections that are in it are piecemeal and unlikely to reassure the public. It was a missed opportunity in relation to such reassurance and the chance to consolidate all legislation relating to investigatory powers operations in one place. The government are leaving some of these powers in other legislation which will not help with transparency.

One of the ISCs most pressing concerns was the lack of consistency on safeguards relating to authorisation procedures for the examination of communications data. The government response to this was that it would be too burdensome for senior officers if they make the processes consistent. The unspoken suggestion from government is that we can rely on the authorities not to misbehave.

The ISC were also seriously concerned about the authorisation process for bulk equipment interference. They have since accepted reassurance from the government that there will be consistency between the authorisation of bulk equipment interference and bulk interception. But in both cases they are withholding their stamp of approval until they see satisfactory detailed safeguards.

A third substantial concern of the ISC was the authorisation process around bulk personal datasets. The bulk of this data relates to innocent people.  There can be no substantive oversight of the mass intrusion into the lives of vast numbers of innocent people, if class based authorisations remain in the Bill. Ministers should authorise retention of personal datasets. The government rejected this idea as "too onerous" for ministers. The ISC responded that there was therefore an opportunity to expand the role of investigatory powers commissioners in this area. Class based authorisation must be removed from the Bill and it is not an excuse to say they're needed but too difficult to monitor with the requisite degree of care to avoid abuse.

There were a whole collection of other issues Mr Grieve did not have time, in his alloted 8 minutes, to put to the House but he did want to conclude with two further important ones. Firstly the ISC has not seen the full list of operational purposes underpinning the bulk powers in the IP Bill. This is absolutely fundamental and he hopes the committee will get to see this list before the Bill gets passed and becomes law. They had seen examples of operational purposes which appeared valid as far as they went.

The last concern he raised was that the ISC felt it would be appropriate if they were given the power to raise any concerns they might develop over the use of investigatory powers to the Investigatory Powers Tribunal.

Mr Grieve rounded off by saying the Bill was important and well-intentioned and he would support the government on the 2nd reading but that there were still improvements to be made to respect fundamental liberties.

The impression I came away with is that Mr Grieve is well intentioned, has a good grasp of the legal issues but not necessarily of the technology. A collection of briefings from a smart and articulate collection of techies might go a long way to helping. I'd suggest perhaps Ross Anderson, John Naughton, Richard Clayton and Ian Brown to begin with.

And if any Open University T171 alumni trip across this piece, there was a lovely animation in that course demonstrating the difference between circuit and packet switching that could prove very instructive for any MP struggling with the notion that there is a difference beween itemised phone bills and internet connection records. There's a pdf capture of the website here. The animations I'm interested in would have come at the end of Module 2 Section 2.7 of that version of the course. If anyone has portable versions of those animations or links to archived versions I'd appreciate a copy or pointer.

Friday, March 18, 2016

Circles of suspicion and the Investigatory Powers Bill

I attended an absolutely terrific conference in Cambridge, Oversight or Theatre? Surveillance and Democratic Accountability, in early February which I've meaning to write up here but simply haven't found the time. It was organised by John Naughton and Nora Ní Loideáin from the Technology and Democracy CRASSH project at Cambridge University and Ross Anderson live blogged it.

The recordings of all the panels and the subsequent well-informed question and answer sessions with the audience are now available at the CRASSH website. I particularly recommend the contributions of Conor Gearty, who opened proceedings, David Anderson, Richard Clayton, Lorna Woods, Ross Anderson and Nora Ní Loideáin.

The whole day constituted the most informed public debate on the Investigatory Powers Bill I've witnessed to date. Significantly higher quality than most the discussion on the 2nd reading of the Bill in the House of Commons earlier this week.

A copy of my slides from the second panel on the day -
I talked about internet connection records (ICRs) and recommended they be removed from the Bill but set up the discussion by considering the very persuasive case Professor David Omand makes for the bulk powers in the Bill.

Prof Omand, quite reasonably, suggests the guilty forfeit their right to privacy in connection with nefarious activities and the authorities are entitled, also, to collect and peruse the data of the suspicious. Those in the suspicious category may be innocent but if law enforcement and the security services have a justifiable cause to harbour suspicion, they have a duty to investigate such persons. The data of the innocent gets tangled up in all this but that's not a problem, the good professor suggests, since law enforcement and the security services are not interested in the innocent.

I figured it would be interesting to get a picture of the relative proportions of guilty v suspicious v innocent by throwing some hypothetical numbers at the problem. Since successive government spokespersons for the past 16 years have talked in terms of thousands of dangerous individuals here, I started with the hypothesis that there might be 6,000 dangerous people and 600,000 suspicious types resident in the UK, in a population of a little over 60 million. If that is anywhere close to the real numbers the relative areas of our guilty, suspicious and innocents' circles look like this -

So the collection of everyone's data in bulk for investigatory purposes begins to look somewhat disproportionate. If the numbers of guilty rise to 600,000 and the suspicious to 6 million the picture changes again -

By playing around with the relative numbers we can get a picture of how big we think the guilty and suspicious circles have to get, before we consider it proportionate to justify the bulk powers in the Investigatory Powers Bill.

Even with that latter diagram assuming 600,000 guilty and 6 million suspicious, it doesn't look reasonable to me that the remaining 54 million or so innocents get dragged into the digital net of suspicion.

The bottom line is that we only start to get a real picture of what the Investigatory Powers Bill bulk powers mean when we get into the detail of how they will operate or are expected to operate in practice. As far as ICRs go, the government should not be collecting, indiscriminately, for perusal and analysis, primarily electronic or otherwise - the excuse being the data will only be "seen" by computers - the reading, viewing and listening lists and other online activities of the entire population. Especially not those of tens of millions of innocents.