Monday, December 23, 2013

Patent trolls aka Patent Assertion Entities (PAEs) and the FTC

The Federal Trade Commission has had a public consultation on patent trolls. The FTC, however, adopt the industry's own description of itself as "Patent Assertion Entities (PAEs)". Once the government accepts patent trolls as legitimate economic actors, the battle to explain (or even attempt to understand properly) the complex calculus of their effect on the economy is effectively over.

Some of the submissions make interesting reading, though unsurprisingly, Intellectual Ventures (IV) have a slightly different perspective to, say, the Electronic Frontier Foundation (EFF) and Public Knowledge (PK). 

IV conclude:
For all the reasons described above, the information requests do not meet the requirements of the Paperwork Reduction Act, nor, more importantly, will they assist the Commission in meeting the goals of the 6(b) study. As currently drafted, the requests miss the opportunity to focus on the broader, economy - wide effects of patent assertion activity by different types of entities, and thus provide the Commission with no ability to compare the costs and benefits of PAE activity to its alternatives. The requests will also create enormous burdens for respondents, require unnecessary information, and generate a record far too large for the Commission to process efficiently. This combination may significantly delay the issuance of the report, which would greatly diminish its value. Because timely insights are critical, and IV is eager to work cooperatively with the Commission to ensure that it receives the information it needs to meet its goals in a timely manner, we respectfully urge the Commission to modify the requests as noted above.
Translation: stop irritating us with costly red tape and produce a report telling everyone how wonderful we are.

The EFF and PK, on the other hand, say:
The proposed Section 6(b) study would significantly advance the quantity and quality of public information regarding patent assertion entities. The study would, thus, both directly help the diverse targets of PAE activity and enable the FTC and other policymakers to better serve consumers and preserve competition. The FTC is also particularly well suited to make these requests; it has the necessary statutory authority and experience in consumer protection and patent policy to conduct this particular study. Finally, the Section 6(b) study's proposed respondents would find complying with the questions manageable and straightforward. Because the public understanding of PAEs remains limited by PAEs' covert practices, the FTC should proceed in asking these entities to provide basic answers that would serve consumers, small businesses, policymakers, and the general public.
Translation: these sneaky patent troll parasites are sucking real innovators and consumers dry; and the FTC are well placed to expose them to the public gaze and take them down a peg or two. It won't cost the trolls anything to fill in a few forms to attempt to justify themselves, so it's the least they should be asked to do.

Wednesday, December 18, 2013

Glenn Greenwald testimony at EP Inquiry on mass surveillance

Glenn Greenwald testified this morning at the EU parliament LIBE committee hearing on mass electronic surveillance. Copy of the recorded session below.



It's worth viewing in full if you can find a spare 90 minutes (otherwise wait for the transcript). If you can't last the full 90, there is a 7 minute video of extracts from Mr Greenwald's statement -



Mr Greenwald subsequently took exception to the misrepresentation of his evidence on twitter by conservative MP Julian Smith.

Video of the full morning session, including evidence from security specialists Christopher Soghoian of the ACLU, Christian Horcher, Prof Bart Preneel of the University KU Leuven in Belgium and Stephan Lechne of the IPSC (one of the seven institutes of the European Commission's Joint Research Centre) will be available shortly.

Update: Christopher Soghoian's written testimony has been made available by the ACLU.

Wednesday, December 11, 2013

Former whistleblowers: open letter to intelligence employees

Former whistleblowers, , , , , , , have published an open letter to intelligence employees in today's Guardian. I hope they won't mind if I reproduce it here in full.
"At least since the aftermath of September 2001, western governments and intelligence agencies have been hard at work expanding the scope of their own power, while eroding privacy, civil liberties and public control of policy. What used to be viewed as paranoid, Orwellian, tin-foil hat fantasies turned out post-Snowden, to be not even the whole story.
What's really remarkable is that we've been warned for years that these things were going on: wholesale surveillance of entire populations, militarization of the internet, the end of privacy. All is done in the name of "national security", which has more or less become a chant to fence off debate and make sure governments aren't held to account – that they can't be held to account – because everything is being done in the dark. Secret laws, secret interpretations of secret laws by secret courts and no effective parliamentary oversight whatsoever.
By and large the media have paid scant attention to this, even as more and more courageous, principled whistleblowers stepped forward. The unprecedented persecution of truth-tellers, initiated by the Bush administration and severely accelerated by the Obama administration, has been mostly ignored, while record numbers of well-meaning people are charged with serious felonies simply for letting their fellow citizens know what's going on.
It's one of the bitter ironies of our time that while John Kiriakou (ex-CIA) is in prison for blowing the whistle on US torture, the torturers and their enablers walk free.
Likewise WikiLeaks-source Chelsea (née Bradley) Manning was charged with – amongst other serious crimes – aiding the enemy (read: the public). Manning was sentenced to 35 years in prison while the people who planned the illegal and disastrous war on Iraq in 2003 are still treated as dignitaries.
Numerous ex-NSA officials have come forward in the past decade, disclosing massive fraud, vast illegalities and abuse of power in said agency, including Thomas Drake, William Binney and Kirk Wiebe. The response was 100% persecution and 0% accountability by both the NSA and the rest of government. Blowing the whistle on powerful factions is not a fun thing to do, but despite the poor track record of western media, whistleblowing remains the last avenue for truth, balanced debate and upholding democracy – that fragile construct which Winston Churchill is quoted as calling "the worst form of government, except all the others".
Since the summer of 2013, the public has witnessed a shift in debate over these matters. The reason is that one courageous person: Edward Snowden. He not only blew the whistle on the litany of government abuses but made sure to supply an avalanche of supporting documents to a few trustworthy journalists. The echoes of his actions are still heard around the world – and there are still many revelations to come.
For every Daniel Ellsberg, Drake, Binney, Katharine Gun, Manning or Snowden, there are thousands of civil servants who go by their daily job of spying on everybody and feeding cooked or even made-up information to the public and parliament, destroying everything we as a society pretend to care about.
Some of them may feel favourable towards what they're doing, but many of them are able to hear their inner Jiminy Cricket over the voices of their leaders and crooked politicians – and of the people whose intimate communication they're tapping.
Hidden away in offices of various government departments, intelligence agencies, police forces and armed forces are dozens and dozens of people who are very much upset by what our societies are turning into: at the very least, turnkey tyrannies.
One of them is you.
You're thinking:
● Undermining democracy and eroding civil liberties isn't put explicitly in your job contract.
● You grew up in a democratic society and want to keep it that way
● You were taught to respect ordinary people's right to live a life in privacy
● You don't really want a system of institutionalized strategic surveillance that would make the dreaded Stasi green with envy – do you?
Still, why bother? What can one person do? Well, Edward Snowden just showed you, what one person can do. He stands out as a whistleblower both because of the severity of the crimes and misconduct that he is divulging to the public – and the sheer amount of evidence he has presented us with so far – more is coming. But Snowden shouldn't have to stand alone, and his revelations shouldn't be the only ones.
You can be part of the solution; provide trustworthy journalists – either from old media (like this newspaper) or from new media (such as WikiLeaks) with documents that prove what illegal, immoral, wasteful activites are going on where you work.
There IS strength in numbers. You won't be the first – nor the last – to follow your conscience and let us know what's being done in our names. Truth is coming – it can't be stopped. Crooked politicians will be held accountable. It's in your hands to be on the right side of history and accelerate the process.
Courage is contagious.
Signed by:
Peter Kofod, ex-Human Shield in Iraq (Denmark)
Thomas Drake, whistleblower, former senior executive of the NSA (US)
Daniel Ellsberg, whistleblower, former US military analyst (US)
Katharine Gun, whistleblower, former GCHQ (UK)
Jesselyn Radack, whistleblower, former Department of Justice (US)
Ray McGovern, former senior CIA analyst (US)
Coleen Rowley, whistleblower, former FBI agent (US)"

Monday, December 09, 2013

Kids can opt out of school fingerprinting

May I recommend Jon Baines' short blogpost pointing out that kids can opt out of school fingerprinting and/or biometrics collection whether the school or their parents like it or not. Jon succinctly draws attention to Chapter 2 of Part 1 of The Protection of Freedoms Act 2012.
"The school
must ensure that a child’s biometric information is not processed unless—
(a)at least one parent of the child consents to the information being processed, and
(b)no parent of the child has withdrawn his or her consent, or otherwise objected, to the information being processed….
The relevant authority must ensure that reasonable alternative means are available by which the child may do, or be subject to, anything which the child would have been able to do, or be subject to, had the child’s biometric information been processed.
But also note (here’s the totally rad bit) that, even if your parents are OK with it, you have the right to object, and if you do, that trumps what your parents, and your school, think. Cool eh?
if, at any time, the child—
(a)refuses to participate in, or continue to participate in, anything that involves the processing of the child’s biometric information, or
(b)otherwise objects to the processing of that information,
the relevant authority must ensure that the information is not processed, irrespective of any consent given by a parent of the child"

Friday, December 06, 2013

"Academic progress" a matter for the academy not the Home Secretary?

The Court of Appeal published an important decision on universities' border control obligations yesterday, Pokhriyal v The Secretary of State for the Home Department [2013] EWCA Civ 1568 (05 December 2013)

Academics and university administrators really should read Lord Justice Jackson's conclusions on the appeals of two foreign students whose leave to remain in the UK has expired.

The bottom line is that the Court decided that despite the Byzantine immigration rules universities are now obliged to incorporate into our operational processes, "academic progress" is a matter for the academic institution not the Home Secretary or her officials acting in her stead (see paragraph 58). The good judge firstly outlines the facts of the case.
"
  1. These are appeals by two foreign students whose leave to remain in this country has expired. They challenge the Secretary of State's decisions, upheld by the First-tier Tribunal and the Upper Tribunal, that their proposed further courses do not constitute academic progress from their previous studies.

  2. The first appellant is Himanshu  Pokhriyal  ("HP"). The second appellant is Amjad Hussain ("AH"). Although there is no order for anonymity, it is easier to refer to both appellants by their initials.

  3. Both appellants came to the UK as Tier 4 (general) students under the Points Based System ("PBS"). The rules governing the PBS are set out in the Immigration Rules and the appendices to those rules. These provisions have now achieved a degree of complexity which even the Byzantine Emperors would have envied."
Jackson LJ then goes on to outline some of the immigration rules before considering each student in turn. Let's focus on HP's case ("CAS", incidentally is the Confirmation of Acceptance for Studies form a college or university fills out on behalf of the student and submits electronically to the UK Border Agency):
"HP
  1. HP is an Indian national, born in 1986 and now aged 27. HP came to the UK for the purpose of studying in September 2008. He was granted leave to enter as a Tier 4 (general) student under the PBS. He was subsequently given leave to remain in that capacity until 4th January 2012.

  2. Initially HP studied for a postgraduate diploma at the London School of Business Management. HP subsequently transferred to other colleges, where he studied business administration and business management. These courses were classified as NVQ level 7.

  3. In late 2011 HP decided that he needed to obtain a qualification in IT, in order to improve his career prospects. He applied for and secured a place at St Stephen's College to study for a diploma in IT. This was a two and a half year course, classified as NVQ level 5.

  4. HP applied to the Secretary of State for an extension of his leave to remain in the UK, so that he could undertake the IT course. In support of that application St Stephen's College issued a CAS, which it sent to UKBA.

  5. In the box on the CAS marked "evidence provided" the college described the previous courses which HP had undertaken. The college then added this:
  6. "ACADEMIC PROGRESSION: Student has studied a PGD for general academic purposes but as he wants to go into the IT industry, a qualification in IT combined with the PGD would offer him better opportunities. Student wishes to follow a career in IT in India and in particular with the Tata Group. He believes that his previous studies in the UK combined with an IT qualification would provide him with additional opportunities in following his chosen career path."
  7. By a letter dated 9th February 2012 the Secretary of State refused HP's application on the ground that HP's new course did not constitute "academic progress" within the meaning of paragraph 120B of Appendix A to the Immigration Rules. Accordingly HP failed to achieve the required 30 points under paragraph 245ZX (c) of the Immigration Rules.

  8. HP appealed unsuccessfully against that decision first to the First-tier Tribunal, then to the Upper Tribunal. He now appeals to the Court of Appeal."
In paragraphs 33 to 55 Lord Justice Jackson outlines the Court's interpretation of the pertinent immigration rules and then concludes on HP:
"
  1. The issue in HP's case is a short one. It turns upon the words used by St Stephen's College in the CAS, which I have quoted in Part 2 above. The issue is whether those words constituted confirmation that the IT course for which HP had been accepted represented academic progress.

  2. In my view that passage did constitute such confirmation. It begins with the words in capitals "ACADEMIC PROGRESSION". In other words the college regarded the IT course as academic progress. The college uses the word "progression" as a synonym for "progress". There then follows an explanation as to why the IT course represented academic progress. The reason why the new course at NVQ level 5 was academic progress from the previous course at NVQ level 7 was, in effect, explained by the fact that the student needed skills in a different field in order to complement his original qualification and to obtain future employment.

  3. The Secretary of State in her refusal letter, the First-tier Tribunal and the Upper Tribunal all fell into the same error. They all considered the evidence and formed their own view as to whether the IT course constituted academic progress. The question whether the IT course was academic progress was a question for St Stephen's College, not the Secretary of State. On appeal the First-tier Tribunal and the Upper Tribunal should not have interfered with the college's decision, when the college had plainly addressed its mind to the question of academic progress and formed a reasonable view on the subject.

  4. In these circumstances, I see no basis to invalidate the college's confirmation of academic progress. As the Secretary of State acknowledges in paragraph 375 of her guidance statement to colleges, a course at a lower level can on occasions constitute academic progress. This, in the college's view, is such a case. The IT course would enhance the business skills which HP had gained in his earlier studies.

  5. In the result, therefore, HP satisfied the requirements of paragraph 120B of Appendix A. Accordingly he scored 30 points under paragraph 245ZX (c) of the Immigration Rules. If my Lords agree, HP's appeal will be allowed."
Shorthand - the college not the Home Office gets to decide what constitutes "academic progress". That's important for the higher education sector to be aware of in times of widespread fear mongering around immigration.

Longmore LJ and Vos LJ agreed with Lord Justice Jackson's opinion but for different reasons.

Lord Justice Vos says in the cases of the two students considered the conclusions could be clear. However he felt it is allowable for the Secretary of State to -
"challenge the validity of the confirmation of academic progress... but that it would be better to leave a consideration of what those circumstances might be to a case in which such a challenge is made...
Suffice it to say for the purposes of these cases that I entirely agree that any argument as to whether or not a particular course does or does not represent academic progress is intended, under the Appendix A of the Rules and the guidance documents, to take place only between the college and the Secretary of State. The student is not intended to be involved"
Lord Justice Longmore's concurrence focuses on procedural errors on the part of the UK Border Agency in turning down the other student (AH's) application to stay. He also raises an interesting concern that since the student has no part in the CAS process how can they appeal if there are errors on the part of the college or the UKBA?

Expect more of these cases given the government's obsession with being seen to crack down on immigration and Vos LJ's concurrence which may be interpreted as an invitation to the Home Secretary.

Just one final general point in relation universities getting dragged into the immigration vetting business - when I signed up to the Open University nearly two decades ago it was for education duty not border control duty. 

Tuesday, December 03, 2013

I hit a Twitter limit...

I believe I have just been slighted (if not censored) by Twitter.  While tweeting on Guardian editor, Alan Rusbridger's, evidence before the Home Affairs select committee I hit a limit:
"You are over the daily limit for sending Tweets. Please wait a few hours and try again"
The daily limit is 1000 tweets a day and I've reached nothing like that number. So presumably I've run into the "daily update limit is further broken down into smaller limits for semi-hourly intervals" condition. So what is the smaller limit for semi hourly intervals? A quick count suggests I've posted about 125 tweets today, around 150 in the past 24 hours, a personal daily record, no doubt, but not really within the proverbial ass's roar of the 1000.

Neither could I continue tweeting the evidence of Sir Bernard Hogan-Howe QPM, Metropolitan Police Commissioner, and Cressida Dick QPM, Assistant Commissioner, Metropolitan Police.

They have confirmed, as far as I can tell but there was a lot of confused back and forth in the questioning, that they are engaging in a continuing enquiry into evidence seized from David Miranda. Ms Dick said they would go where the evidence takes them and will be careful and proportionate. They are working closely with the CPS on the investigation. "It appears possible that some people may have committed offences". The law surrounding all this is complicated and the CPS will decide whether to prosecute once the Met has pursued their scoping exercise and investigation of the Miranda materials. 

Mr Hogan-Howe eventually intervened to remind us that the Miranda material was currently the subject of a judicial review. The courts have reserved their judgement on whether the Met got the material lawfully under schedule 7 of the Terrorism Act and they will have to wait to see how that progresses.

Alan Rusbridger earlier said he didn't know if the Guardian or its staff were under police investigation.

Debate on oversight of intelligence & security services Part 3

On the day that The Guardian's editor is due to appear before the Home Affairs committee I thought it was time to round off my reporting on the parliamentary debate on the of oversight intelligence & security services. The debate is over a month old now and with the exception of the Guardian has, sadly, largely been ignored by the mainstream media.

Dominic Raab made the most telling contribution to the session, as I mentioned in Part 1. Part 2 of my report concluded with Malcolm Rifkind's endeavours to defend the Intelligence and Security Committee (ISC) which he chairs and the intelligence services his committee is tasked with overseeing. The committee has 9 members (7 MPs and two members of the House of Lords) and a part time investigator. The intelligence services have a staff of over 13000 and a 2013/14 budget of £2.1 billion, according to the Guardian.

Picking up again from Mr Rifkind's evidence, he believed -
  • there is no interception if it is only done by computers and the data is not seen by a human being
  • the Justice & Security Act 2013 has brought a "cultural revolution" to the ISC
  • hinted that critics claiming that the ISC didn't know about the Tempora undersea cable interception programme did "not have the faintest idea whether the Committee was aware of programmes of any kind."
  • computers are clever
  • 99.99% of the data they gather and process is never looked at so describing the activities of the intelligence services as mass surveillance was unconscionable
He then responded to a question from Tom Watson about the dangers of automated mass data analyses:
"the intelligence agencies have far more important things to do than to look at patterns of behaviour, unless they are directly relevant to a terrorist threat or serious crime. That is their function and legal duty, and if they go beyond it, they are committing a crime—even if they had the time, which they do not have, or the inclination to do so...
no other country in the world, including democratic ones, has both substantial intelligence agencies and such a degree of oversight."
He concluded by noting the Justice & Security Act 2013 has given the ISC all the oversight powers that critics have been asking for and the committee should be judged on their use of those powers and
"Right hon. and hon. Members should by all means scrutinise whether we use the powers properly, but they should please do so on the basis of knowledge about the Act"
He's right that Right hon. and hon. Members should understand the Act but an at least rudimentary but preferably deep understanding of the technology and the mathematics is also crucial. Such understanding was not evident in the contributions of the members of the ISC to the debate.

Rodney Buckland (Conservative) was next in line and he raised the need for reform of the Regulation of Investigatory Powers Act (RIPA) and the question of Schedule 7 of the Terrorism Act, widely believed to have been abused in the detention of David Miranda at Heathrow airport. David Anderson QC, the independent reviewer of terrorism legislation, has recently indeed called for an end to detention at borders without suspicion. His note to the Home Affairs select committee on the matter is available at the Parliament website.

Mr Buckland felt "the threshold of reasonable suspicion should come into play at the point when a person is formally detained" under schedule 7. He concluded by criticising the Guardian and saying privacy was important but in a balanced way, so we could catch terrorists too.

At this point Graham Brady who had taken over chairing the session part way through said he was restricting the remaining 3 speakers to 6 minutes each.

Richard Graham paraded his colours as a former diplomat and an anecdote about his first professional stint abroad - his first phone call, he says, got interrupted by a 3rd party asking him to repeat his last sentence. Mr Graham's purpose seemed to be to-
  • ridicule Julian Huppert, David Winnick and the anti mass surveillance side of the debate as being motivated by hysteria and naivete
  • note the hilarity of the shock at the news that spies actually spy
  • defend the honour and impeccable integrity, in addition to the law abiding citizenship and valour, of the chaps and chapesses in the intelligence services
  • allow these good folks, without undue interference, the capacity to get on with battling the multitude of "more complicated and more sophisticated" threats we face - including include nuclear proliferation, cyber-attacks, attacks on our intellectual property, organised crime and new weapons - that could destroy us. (Interesting to see intellectual property getting a mention in this context).
Dr Julian Lewis followed Mr Graham. He had three points to make in addition to praising Julian Huppert (anti) and Martin Horwood (pro) -
  • It is unacceptable for huge numbers of junior staff to have access to classified material
  • It's harder to track people today than it was in the past (seriously!); therefore data on everyone needs to be gathered for post hoc mining; and so what if there are lots of irrelevant data haystacks
  • Edward Snowden is no more a whistleblower than Julian Assange. What Snowden did was "irresponsible—" Unfortunately he didn't get to use his prepared label for Mr Snowden since the chairman cut him off, his 6 minutes were up.
Tobias Elwood was next and immediately undermined his contribution by stating
"The debate is about the balance of individual privacy versus the collective right to security."
No it really is not about balancing privacy and security. It is a completely false assumption to consider privacy and security to be opposites. Reinforcing cockpit doors has not undermined privacy in any way but is probably the single most important security measure brought into aviation since the 9/11 attacks.

Mr Elwood has suffered a personal loss due to a failure of the intelligence services to share information in timely fashion. His brother was killed in the Bali bombing as a result.

Diana Johnson stepped up to have a dig at Nick Clegg -
"Even the Deputy Prime Minister, given his recent comments to the media, appears to have missed the reforms that strengthened the Intelligence and Security Committee. That is surprising, considering he has 19 special advisers."
 - offer her interpretation of RIPA, express her confidence in the ISC and her hopes the committee will show its ability to conduct public hearings and restore public confidence.

At 4.18pm the Parliamentary Under-Secretary of State for the Home Department, James Brokenshire, got to his feet.and delivered a largely monotonal reading from his brief.
  • the intelligence services do essential work "confronting the diverse terrorist threat that this country continues to face"
  • the importance of scrutiny of the intelligence services is underlined by the loss of Mr Elwood's brother in the Bali bombing
  • intelligence work should happen within a strict legal and policy framework and it does and it has strict oversight but the intelligence services need "to maintain an edge in tackling terrorism and stopping criminals"
  • much oversight must happen behind closed doors to keep secret information secret
  • secrecy is essential  
  • intelligence services are overseen by more mechanisms than many other areas of government 
  • the ISC is good and got more power this year from the Justice and Security Act
  • in response to a question from Tom Watson on why Tempora did not receive parliamentary scrutiny Mr Brokenshire said it "not appropriate" for him to comment on such things in public
  • when Mr Brokenshire prevaricated following a question from Dr Huppert on on whether the ISC can investigate on long running operations, Mr Rifkind jumped in to his rescue - the ISC "have completed discussions with the Government, the results of which will appear in a memorandum of understanding that will be published and include details of how these matters will be dealt with. That will ensure that that consideration cannot be used as an improper way of preventing the ISC from obtaining access to operations that—by any normal, common-sense approach—could be considered as completed."
  • David Anderson QC, the independent reviewer of terrorism legislation is deserving of praise (mind you this was before Mr Anderson suggested restrictions on the use of Schedule 7 of the Terrorism Act)
  • GCHQ doesn't look inside the UK - this is misleading since GCHQ does look inside the UK under section 16 of RIPA
Mr Brokenshire concluded:
"It is this multi-faceted oversight that complements rigorous internal controls within the agencies themselves. The agencies’ recruitment and training procedures are all designed to ensure that those operating within the ring of secrecy can be trusted to do so lawfully and ethically. A culture of compliance with both the letter and the spirit of the law pervades everything that they do...
 This has been an important debate, highlighting the strength of the scrutiny that we have and the different layers of scrutiny that operate in this country. I believe that we have every reason to be proud of those oversight arrangements and of the work of our agencies."
We've no reason to doubt that many of the intelligence agencies' 13,000 plus employees do some terrific work. Mr Brokenshire's claim that we should be proud of the scrutiny of the intelligence services doesn't pass the laugh test in the light of the reports all round the world based on the Snowden documents, however. We have every reason to be concerned that
  1. 850,000 people have access to classified UK and US government material
  2. the UK and US governments through the NSA and GCHQ have been complicit in the clandestine construction of an electronic infrastructure of mass surveillance
  3. government intelligence & security services with the aid of large commercial organisations engage in mass surveillance - indiscriminately collecting, processing and storing the personal data - of that large proportion of the population using and/or visible to communications networks
  4. the NSA and GCHQ have been systematically undermining encryption technology that underpins privacy and the security of commerce on the internet by encouraging vendors and standards bodies to build back doors into their systems
  5. the notion that only the good guys will exploit such security holes is naive; they have through this process effectively destroyed trust in these systems
  6. large technology companies have been quietly cooperating with all this, though once it became public they changed their PR approach to claim victimhood along with the masses
  7. the laws to facilitate this mass surveillance are already in place and where they do interfere the NSA and GCHQ have operational methods for circumventing such inconveniences ('what not to say' rules when dealing with overseers)
  8. those engaged in the formal oversight mechanisms of the intelligence services work have little or no understanding of the technologies involved, what exactly they are being used for and what the consequences might be
  9. the UK government - with echoes of the Spanish Inquisition's, Nazi Germany's and Mao Zedong's book burning - is prepared to be responsible for the physical destruction of mainstream press equipment 
  10. the UK government is prepared to threaten the press with D notices and prior restraint through the courts 
  11. UK government ministers including the Prime Minister David Cameron are prepared to threaten the press (e.g in the debate on the European Council, Hansard Official Report, 28 October 2013; Vol. 569, c. 667.)
  12. the NSA’s own internal auditors found its agents broke privacy rules thousands of times each year
  13. the US government via the NSA reportedly route significant funds ($100 million) to the UK government intelligence service GCHQ 
  14. GCHQ appreciate their "light oversight regime compared to the US" 
  15. the secret US FISA Court's ability to oversee US spy agencies is very limited
  16. US intelligence chief James Clapper lied (responded in the "least untruthful manner") to Congress about the extent of NSA surveillance
  17. we have expanded secret courts in the UK
  18. some of the regulations and laws governing the operations of the intelligence and security services are themselves secret
  19. politicians are all too willing to demonise the messengers and trot out poisonous soundbites - the innocent have nothing to fear; our critics comfort/support our enemies/terrorists; government's first duty is to protect the public; be afraid but give us the power and we'll protect you; move on there's nothing to see; ...national security...; trust us we're acting within the law - to defend the indefensible and sate their ambitions
  20. the fourth estate - mainstream broadcasters and press - in the UK has largely been content to ignore or marginalise Guardian revelations, allowing that publication to plow an isolated furrow on the Snowden affair; worse still the Murdoch press and the Daily Mail, in particular, have actively attacked and sought to undermine the Guardian reporting on the Snowden affair; fueling the government's political attack dogs' outrageous accusations that the Guardian is aiding terrorism by publishing Snowden's revelations
  21. the UK is prepared to detain people (e.g. Glenn Greenwald's partner, David Miranda) at borders without suspicion to the limits of Schedule 7 of the Terrorism Act
  22. the Secretary General of the Council of Europe, Thorbjørn Jagland, was sufficiently concerned to write to the UK Home Secretary about Mr Miranda's detention and the destruction of the Guardian's computers
  23. the information consuming public take an essentially soporific attitude to all this
  24. the US has been tapping the phones of world leaders including Angela Merkel, the German Chancellor
  25. the surveillance infrastructure has been used for industrial espionage
  26. the strong incentives now pushing towards the balkanisation of the internet
I would repeat, therefore, that the reporting of the Snowden documents, the behaviour of the US and UK governments and our respective intelligence & security services and the subsequent reaction to this have raised fundamental questions of public interest (even if, in our world of short attention spans, the public is only superficially and transitionally interested, if at all) about -

  • security (no top secret can be secure if nearly a million people have access to it as a routine part of their jobs)
  • privacy (you have none on the internet)
  • anonymity (again you have none on the internet)
  • free speech (when does a whistleblower become a traitor?; why and how is is ok to smash up a computer in the offices of the Guardian in the UK in 2013?)
  • management and oversight of the police, intelligence and security services (what are the political, legal, environmental, societal, economic, technical and architectural checks and balances, if any and are they fit for purpose?)
  • the size, power and reach of the security/intelligence/surveillance/anti-terror industrial complex
  • secret courts (FISA, FISAAA 2008; the UK now has its own secret courts courtesy of the Justice and Security Act 2013 which came into force in June)
  • circumvention of human rights laws and constitutional protections (Prism, Tempora, XKeyscore, GCHQ-NSA data sharing?)
  • dangerous normalisation of activities that would have horrified earlier generations and been condemned as the actions & infrastructure of a despotic police state if connected with the Soviet Union, East Germany, China et al
  • the surveillance activities implicated by the Snowden documents are a breach of international law not matter how carefully or effectively GCHQ or the NSA has circumvented their own domestic laws
  • activities excused as efforts to secure the safety of citizens of one country should not violate fundamental human rights of citizens of another country
  • Finally for now, as Brazilian president, H.E. Dilma Rousseff, said at the UN General Assembly recently
""The arguments that the illegal interception of information and data aims at protecting nations against terrorism cannot be sustained...
In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy. In the absence of the respect for sovereignty, there is no basis for the relationship among Nations.
We face, Mr. President, a situation of grave violation of human rights and of civil liberties; of invasion and capture of confidential information concerning corporate activities, and especially of disrespect to national sovereignty...
Friendly governments and societies that seek to build a true strategic partnership, as in our case, cannot allow recurring illegal actions to take place as if they were normal. They are unacceptable."

Monday, December 02, 2013

Response from MP on parliamentary surveillance debate

My MP, Nicola Blackwood, has written to explain she could not make it to the recent parliamentary debate last week on oversight of intelligence & security services. She has also written to William Hague to raise the concerns I expressed in my note to her prior to the debate.
"Dear Mr Corrigan,

Thank you for contacting me about the debate on oversight of the intelligence services. I do apologise for the delay in my response.

Unfortunately, I was unable to attend this debate due to a long-standing diary commitment. I have, however, read the transcript of the debate and have engaged with Ministers about the issues raised. If you would like to read the transcript of the debate yourself, it can be found at the following address: http://www.theyworkforyou.com/whall/?id=2013-10-31a.333.0

I appreciate your desire to ensure that powers to intercept communication are confined to what is necessary and proportionate to protect our national security, and also to be accountable. It is important to remember here the important work our security services do in tackling terrorism and international crime. However, I firmly believe, as does the Government, that it is absolutely right for this intelligence work to be carried out in accordance with a strict legal and policy framework that ensure that activities are authorised and entirely necessary.

Ministers have assured me that to intercept the content of any individual's communications in the UK requires a warrant signed personally by the Foreign Secretary, the Home Secretary, or by another Secretary of State. Every individual decision is taken based on legal and policy advice and warrants are required to be absolutely necessary and carefully targeted. Furthermore, the Interception of Communications Commissioner also has oversight powers in relation to decisions about whether to authorise the use of intrusive powers, for example in authorising the interception of communication.

At a parliamentary level, the Intelligence and Security Committee (ISC) examines the policy, administration, past operations and expenditure of the intelligence agencies and parts of the wider Government intelligence community. I am pleased that the powers of the ISC have recently been extended by the Government through the Justice and Security Act 2013, which makes it a committee of Parliament; provides greater powers; and increases its remit, including oversight of operational activity.

Ultimately there remains a need for secrecy within the intelligence community to allow agencies to function effectively, but I have received assurances from Ministers that the activities of the intelligence agencies do not, and will not, go unchecked.

I have written to the Foreign Secretary, William Hague, to raise your concerns and shall of course be pleased to pass on any response I receive in due course.

Thank you again for taking the time to contact me about this important issue, and I hope this response is helpful.

Kind regards
Nicola"
Ms Blackwood is a member of the Home Affairs select committee which Guardian editor, Alan Rusbridger, will be appearing in front of at 3pm tomorrow, followed at 4pm by Metropolitan Police Commissioner, Bernard Hogan-Howe and Assistant Commissioner, Cressida Dick. I've sent her a short response.
"Dear Nicola,

Thanks for your response and apologies for the delay in getting back to you.

Though I haven't had the time yet to cover the entire debate, you might find it useful to scan my analyses prior to Guardian editor Alan Rusbridger's appearance before the Home Affairs select committee's counter-terrorism evidence session tomorrow afternoon -

Debate on oversight of intelligence & security services Part 1 at http://b2fxxx.blogspot.co.uk/2013/11/debate-on-oversight-of-intelligence.html

Debate on oversight of intelligence & security services Part 2 at http://b2fxxx.blogspot.co.uk/2013/11/debate-on-oversight-of-intelligence_6.html

Your time is short but I would particularly recommend you pay careful attention to your colleague Dominic Raab's contribution to the debate, available at http://www.publications.parliament.uk/pa/cm201314/cmhansrd/cm131031/halltext/131031h0001.htm#13103154000332

I look forward to the Home Affairs committee proceedings tomorrow with interest.

Regards,

Ray"
The other members of the committee joining Ms Blackwood are Keith Vaz (Chair), Ian Austin (Labour), James Clappison (Conservative), Michael Ellis (Conservative), Paul Flynn (Labour), Lorraine Fullbrook (Conservative), Julian Huppert (Liberal Democrat), Yasmin Qureshi (Labour), Mark Reckless (Conservative), David Winnick (Labour). On past evidence we might expect Mr Austin to be critical of the Guardian and Messrs Huppert & Winnick to be supportive.

Wednesday, November 20, 2013

UK government opened UK citizen data to NSA

The latest, via the Guardian and Channel 4 News, on the Snowden revelations is that
"The phone, internet and email records of UK citizens not suspected of any wrongdoing have been analysed and stored by America's National Security Agency under a secret deal that was approved by British intelligence officials...
...an NSA memo describes how in 2007 an agreement was reached that allowed the agency to "unmask" and hold on to personal data about Britons that had previously been off limits.
The memo, published in a joint investigation by the Guardian and Britain's Channel 4 News, says the material is being put in databases where it can be made available to other members of the US intelligence and military community."
Good to see Channel 4 paying some attention -

Wednesday, November 06, 2013

Debate on oversight of intelligence & security services Part 2

With the exception of The Guardian the silence in the UK media about the parliamentary debate last week on oversight of intelligence & security services has been deafening. It is interesting to see the Independent in the past couple of days headlining UK spying in Berlin on the front page, though I doubt this is a harbinger of the cracking of the UK media dam on the subject.

Part 1 of my report on the surveillance debate ended with Dominic Raab's excellent contribution, so I'll pick it up from there. 

Labour MP David Winnick (anti mass surveillance) followed Mr Raab and opened by emphasising "the need for the security and intelligence agencies to work as required" even were we not faced by the threat of terrorism. He highlighted some past unsavory practices of government and the security services including the farcical censorship of Peter Wright's Spycatcher book, the security services culture of treating readers of the Daily Mirror as a threat and the more recent case of Binyam Mohamed, who had been subject to extraordinary rendition and torture. The Master of the Rolls,Lord Neuberger, concluded in 2010 that “Some Security Services officials appear to have a dubious record” on human rights.

An apparently angry red faced MP (according to Hansard this was Adam Holloway) jumped up at this point to demand whether, if there'd been a terrorist nuclear explosion in past few weeks, "the hon. Gentleman’s constituents" would change their minds about thinking Snowden was a traitor. Unfortunately that kind of distorted appeal to emotion was an all too common feature in the debate. Mr Winnick didn't accept that the Guardian's actions would lead to a nuclear attack or that there was the remotest shred of evidence that they had helped terrorists.

Mr Winnick then asked how the monitoring of world leaders phones helps the fight against terrorism and admonished the prime minister, David Cameron, in the strongest terms for his thinly veiled threat against the Guardian the same week.
"Going back to The Guardian, during Monday’s debate on the Prime Minister’s statement on the European Council, he said:
“I do not want to have to use injunctions, D notices or other, tougher measures; it is much better to appeal to newspapers’ sense of social responsibility. However, if they do not demonstrate some social responsibility, it will be very difficult for the Government to stand back and not to act.”—[Official Report, 28 October 2013; Vol. 569, c. 667.]
That is the most blatant threat to the press in recent times. It says in effect, “Do as I say or the Government will take the necessary measures.” That is all the more unfortunate while we are debating a royal charter that is being described as no threat to the press"
He finished with an emotional table thumping appeal for the Guardian to stand its ground in publishing material in the national interest and for parliament to support them in that endeavour.

Julian Smith MP (pro mass surveillance) who has demanded the Guardian be formally investigated for breaching official secrets and compromising national security then rose to his feet. He opened with his belief that "in Britain we have one of the best oversight regimes in the world."Strange that one of GCHQ's senior legal advisers has told the NSA exactly the opposite. He emphasised how much he likes the Guardian (in spite of labelling them "guilty... of treasonous behaviour" and demanding their prosecution) but the paper had admitted to sending detailed data about GCHQ internationally.

He couldn't resist a swipe at Tor -  a free open network that helps you defend against surveillance - which he labelled "the black internet—where child pornography, drug trafficking and arms trading take place". I know he only used 3 but I'm really tired of the 4 horsemen of the infocalypse ruse. Is it ever going to go away?

Next  - David Miranda's data, seized during his schedule 7 of the Terrorism Act detention at Heathrow, was, Mr Smith claimed, on a games console and "hackers" claim they have access to it. I'm afraid my fear mongering nonsense alarm was hitting overdrive at this point.

He concluded by urging the Guardian editor to be a good little boy, admit his appalling wrongdoing, throw himself on the mercy of the government and hand his data dumps back to the grown ups.

George Howarth, a Labour MP and member of the Intelligence & Security Committee (ISC), then opened with high praise for Mr Smith's "measured, thoughtful speech." No kidding. That's a direct quote and no prizes, therefore, for guessing Mr Howarth is in the pro mass surveillance lobby. He was involved in the ISC review and there was no evidence any laws had been broken - he seemed to be confirming that the mass surveillance was being done within the letter of the Regulation of Investigatory Powers Act (RIPA) and the Intelligence Services Act. He also denied the UK intelligence services had been circumventing the law by "by using the NSA’s PRISM programme".

Tom Watson intervened to ask if the ISC knew anything about the NSA's PRISM programme before the Guardian wrote about it and Mr Howarth, to the background laughter of the anti mass surveillance lobby, admitted they did not.

Mr Howarth went on then to say the ISC concluded with a "high degree of confidence" that there was no law breaking going on; and that "there might a case for trying to persuade the interception commissioner to become slightly more outward facing". At this point he was unceremoniously cut off by Chair Riordan declaring his time up and reducing time limit on further speeches to eight minutes.

Next up was Conservative MP Ben Wallace (pro mass surveillance and who I mis-identified in some tweets as Dominic Raab - apologies to both for that). Mr Wallace said the UK does intelligence and security better than anyone else. He was the first to run with the major of theme of 'how can all you silly beggars be surprised that spies actually engage in spying?' Mr Wallace has had the benefit of being an insider, having "worked in intelligence in Northern Ireland before half the legislation, which the hon. Member for Cambridge [Dr Huppert] seems to have missed, came into play." He did make the particularly salient point that no one was trying to regulate excess surveillance on the part of the private sector
"I have heard no criticism of the fact that we do not regulate the private sector. No one has expressed fear about that or demanded that we do so. The big capitalist companies in America—the Googles and the Facebooks—harvest our data without a by-your-leave, sell it on and on through intermediaries and make billions of pounds. However, I have not yet heard anyone mention that they all keep their servers offshore to avoid tax. That is the area that needs regulating to protect people."
Mr Wallace is proud the security services are regulated and would rather have the state than the international private sector controlling his personal data. RIPA is much criticised and it is not perfect but prior to its introduction he, as an intelligence officer, didn't have to "keep a log or register with anybody the things that I wanted to do." His former colleagues still hate RIPA but that's a good sign because it's an indicator they are accountable.

Sadly he then blots his copybook by insinuating the Guardian are tainted by associations with the KGB.

Mr Winnick interrupted noting the unconscionable abuse and torture of Binyam Mohamed and Mr Wallace agreed there "have been failures". He rounded off by implying Edward Snowden was clearly a traitor for choosing to travel to Hong Kong and Russia rather than Switzerland; And since he risked his life in Northern Ireland and opposed ID cards, 28 or 90-day detentions without charge and detention without trials that implied his views should carry some weight.

John McDonnell (anti) then got his chance, declared that the Guardian had been heroic and it was ludicrous that anyone should accuse them of treason.

He was followed by Martin Horwood (pro mass surveillance in spite of being a Lib Dem MP), popularly known as the MP for GCHQ since he represents Cheltenham and both his parents worked in the security services (Bletchley Park and GCHQ). He pointed out that staff at GCHQ find it difficult to forgive accusations of bad faith and illegality. Understandable perhaps. On mass surveillance:
if it was really taking place, it would—apart from being wildly impractical—be straightforwardly illegal. In his statement to the House, the Foreign Secretary made it clear that he still regarded the situation in this way:
“To intercept the content of any individual’s communications in the UK requires a warrant signed personally by me, the Home Secretary, or by another Secretary of State…Warrants are legally required to be necessary, proportionate and carefully targeted, and we judge them on that basis.”
Actually it is only necessary under RIPA that the minister believes a warrant to be necessary and proportionate. Far be it from me to cast aspersions but politicians, as a class, do seem to have a well honed talent for believing whichever story happens to support the agenda du jour. In fairness, this is an element of human nature and many of us, not just our much maligned politicians, are guilty on that score. I certainly can't claim careful and consistent cultivation of critical thinking/objectivity in all areas of life.

Mr Horwood was amongst the constituency of MPs who have absolute faith in the notion that there is no surveillance going if the information is merely collected and processed by computers but not actually physically read by a human being. That constuency is fundamentally wrong in that belief and have been for nearly 250 years, since the case of Entick v Carrington (1765) 19 Howell’s State Trials 1029, 2 Wils 275, 95 ER 807, Court of Common Pleas.

When Mr Horwood insisted on implying that there was little question but that Edward Snowden was a traitor, David Winnick, who was getting well warmed up at this pass, intervened to draw parallels with Daniel Ellsberg and the Pentagon papers which exposed US government lies about the Vietnam war. Ellsberg was called a traitor by the Nixon administration but "is now considered to be a hero who did a great service for his country."

Mr Horwood brushed him off suggesting UK checks and balances are so good, any lying or abuse on the part of the government or the security services would be reigned in by the Investigatory Powers Tribunal. I can't help but refer the honourable gentleman, as just one of many critical exhibits, to the JUSTICE all-party law reform and human rights organisation report of 2011, Freedom from Suspicion. They concluded (see the press release at the time for the short version):
  • Since RIPA came into force in 2000, there have been 20,000 interception warrants (e.g.secretly listening to phone calls and reading emails), more than 30,000 authorisations for directed surveillance (e.g. following someone in public), and more than 2.7 million requests for communications data (e.g. access to phone bills). The true extent of surveillance activity since 2000 is unknown because full numbers have never been published;
  • Of the nearly 3 million surveillance decisions taken by public bodies under RIPA since 2000, fewer than 5,000 (or 0.5%) were approved by a judge;
  • The highly secretive Investigatory Powers Tribunal, the main complaints body under RIPA, has only dealt with 1,100 complaints since RIPA began. In the last decade, it has only upheld ten complaints;
  • RIPA is poorly-drafted and lacks sufficient safeguards against abuse. This has contributed to the failure of the Metropolitan police to properly investigate phone-hacking, the illegal recording of privileged conversations between lawyers and clients, the spread of CCTV cameras, and the use of snooping powers by local authorities.
So his suggestion that the Investigatory Powers Tribunal's oversight regime is robust is, at least, questionable.

Michael Meacher then got his turn criticising RIPA which he considers so broadly drafted it enables governent to do whatever they like. He is also largely skeptical of the 'trust us' approach of government on surveillance matters since they have repeatedly been shown to have breached that trust. Malcolm Rifkind, chairman of the ISC (pro mass surveillance and a signed up member of 'it's not surveillance if it's only seen by computers' club) jumped up, apoplectic at Mr Meacher's claims that parliament has no say on who sat on the ISC. He neglected to say that parliament only got to say yes or no to the Prime Minister's picks for the committee. Mr Meacher with Dr Huppert's help then suggested the members of the ISC should be selected by parliament not the Prime Minister.

The Prime Minister also gets a veto on ISC reports, "can modify the report in any way he or she chooses and then publish it without any indication of the changes, or publish it in redacted form, or not publish it at all. That is not serious scrutiny."

Mr Rifkind (pro) got his official turn when Mr Meacher sat down. He couldn't help himself. He had to start by noting Edward Snowden now has a job working for a website in Russia but we were not allowed to know what the job was for security reasons. Unspoken - He has a job. In Russia. With Computers. Therefore he's a Russian spy. QED.

Mr Rifkind was adamant that the ISC do report to parliament under the "new legislation" (by which I assumed he meant the Justice & Security Act 2013) and the ISC is now newly constituted. Under these new regulations the Prime Minister won't get to select the chair. S/he will be elected by ISC members. The new rules also require intelligence services to supply "all information regarding nationally significant operations" to ISC. That's "a cultural revolution". Critics that claimed the ISC didn't know about the Tempora (GCHQ undersea fibre optic cables interception) programme did "not have the faintest idea whether the Committee was aware of programmes of any kind."

It is at this point that the honorable chairman of the ISC then demonstrated his serious misunderstanding of technology and its use. He declared that computers are clever and can sort data so 99.99% of it is never looked at. Therefore we are not subject to mass surveillance. To be fair to Mr Rifkind I will quote him in full on this:
"mass surveillance”. If that means anything, it is an accusation: the implication is that all our e-mails are or will be examined by GCHQ—as it chooses and by its own methods—as though something like that was now available. They seem totally to misunderstand or not to refer to the reality of what happens with modern technology, so in the brief time available, I will share with them what they ought to know. It is not secret, but is in the public domain.
Modern computers, which can indeed digest vast amounts of e-mails or communications data, are programmed to run using certain selectors, such as an e-mail address that might belong to a terrorist or some other information relating to terrorism. They are programmed to go through millions and millions of communications and to discard, without their having been looked at—no human eye looks at any of the e-mails—all those to which selectors are not attached.
Of the totality processed by computers, perhaps 0.01% will have selectors that the computer has been programmed to look for. The communications of the other 99.99%— covering virtually every citizen of this country, bar a very small number—are never even looked at by the computer, other than in relation to a selector, such as an e-mail address. Even for the tiny minority identified by the computers as potentially relevant to terrorism, if GCHQ, MI5 or MI6 want to read the content of any of the e-mails, they have to go to the Secretary of State for permission. Under the law, only if they are given permission can the content be read.
To say that we are living in a mass surveillance society is to make a wonderful allegation that sounds vaguely sinister, but the reality is that the e-mails of pretty well everyone in the Chamber are not being intercepted or read."
Ok some comments and questions for Mr Rifkind -
  •  "Modern computers... are programmed to run using certain selectors" - who programs the computers and what are the specific 'selectors'/filters? Who decides what the selectors should be? Who decides who decides what the selectors should be? The chair of the ISC doesn't understand computers, so how can he effectively and his committee scrutinise the technical aspects of this work? How do you measure the efficacy of these filters given it is widely known in the tech community how ineffective electronic filters can be? How, when someone is tagged as suspicious via these secret algorithms, does the information on that individual then get further processed? What happens when someone is wrongly tagged and how do they retrieve their innocence and clean bill of electronic health? Are you aware of the nature of false negative results and false positive results?
  • do you really believe there is no interception of communications if the interception is only done by computers and not seen by a human being?
  • I'm going to do some very rough maths here in an attempt to explain the problem with your point that only 0.01% of communications data is looked at. 0.01% of 60 million people in the UK implicates 6000. Now the pattern flagging will be nowhere near as simple as that but just run with it as a crude estimate. We know from the deputy director of the NSA testifying before the House Judiciary Committee that you don't need to be a terrorist or have contact (deliberate or inadvertent) with a terrorist to be flagged as suspicious. The NSA (and presumably GCHQ?) is allowed to travel “three hops” from its targets – who could be people connected to people connected to people connected to you. 0.01% of the UK population or 6000 people are 2 degrees of separation from about 160,197,360 and 3 degrees of separation from over 26 billion others (about three and a half times the population of the world). Even limiting suspicion to two hops, your 0.01% of data on UK residents, Mr Rifkind, implicates more than 2.6 times the entire UK population, the equivalent of the more than 160,000,000 people in India are considered untouchable and dehumanized by the caste system. I'm not trying to equate the mass surveillance of affluent UK computer users with the plight of the poorest people in the world but just trying to give some idea of the numbers we are talking about here. So the question for Mr Rifkind is that, given that we are all suspects, who decides which suspects the intelligence services' limited resources should be deployed to further investigate and pursue, once the computer algorithms have worked their magic? 
Mr Rifkind, you are absolutely right that the intelligence services have more important things to be doing than looking at data not "directly relevant to a terrorist threat or serious crime." However these gigantic data haystacks will put everyone 3 degrees of separation from multiple terrorist threats or serious crimes. Intelligence services and public officials with access to this data will have the capacity to deeply mine anyone's digital life once an algorithmic flag of suspicion is raised, even if they don't have the capacity to do so with everyone. That should give you pause for thought as to whether the "revolution in oversight" you have such faith in will be up to the task of controlling the mass surveillance monster that has been unleashed.

Could I also remind you that as long ago as 1765 Lord Justice Camden declared personal communications to be one’s “dearest property” and mass data collection fishing expeditions to be at odds with the rule of law.

Not only that but better intelligence, crime detection and prevention will be done through intelligent, targeted, proportionate, meta data collection & analysis; and intelligence led, targeted substantial content acquisition. The blanket collection and retention of data you currently seem to support will just allow the real criminals to lose themselves in the electronic noise whilst the security services are run ragged chasing innumerable false leads.

Part 3 of my thoughts on the UK parliament surveillance debate is now here.


Saturday, November 02, 2013

Debate on oversight of intelligence & security services Part 1

The UK parliament finally got round to debating the implications of the Snowden revelations on Thursday afternoon, 31 October. The Hansard record of the debate is now available. Thanks to the Open Rights Group for pointing out TheyWorkForYou.com also have a transcript of proceedings. With a handful of exceptions it was depressingly ill-informed and two dimensional. Contributors were either
  • Against mass surveillance - and make no mistake that is what this blanket electronic data collection, processing and retention is, even if you, as so many of the pro faction did, contend that there is no surveillance if only the computers 'see' the data - and, sadly, for "balancing" privacy and security, the false underlying assumption being that these are opposites; whilst insisting that doesn't mean they don't support the hard working intelligence & security services; and noting that the brave Guardian has done us all a public service and it was appalling they were accused of undermining national security when they hadn't
Or
  • For mass surveillance in the mistaken belief that it will help our hard working boys and girls in the security services to catch those bad bad bad terrorists; and anyone who has the appalling cheek to question the integrity of the security services is just a lover of pedophiles, terrorists, drug dealers and other criminals; and by the way the Guardian are treacherous traitors who had undermined national security because the anti mass surveillance crowd had no proof that they hadn't; with the occasional dose sarcasm from those who could not muster up sufficient pompous indignity - why are you fools so shocked that spies are doing their job and spying?
Julian Huppert (anti) opened the debate.
"As technology changes and the capacity of the state and companies to collect and analyse data grows massively, we are in danger of sleepwalking into a surveillance society on a scale that peacetime Britain has never seen. It is not planned, and nor is it the actions of malevolent individuals; it is merely the natural trend of what will happen if nothing is done to stop it.
It can be argued that the definitions of war and peace are no longer the same, and that our enemies are faceless and splintered and will attack our way of life if we give them an inch—that argument is often made by Prime Ministers and Home Secretaries—but if we shape our laws solely in response to that fear, chipping away at our own liberty and privacy, those enemies have already won.
The key questions of security, privacy and liberty in a digital age will come to define the 21st century. The world is changing. All of us carry around tracking devices, in the shape of our mobile phones, wherever we go. We carry devices that can be activated and controlled remotely and that store much of our most personal information. Who can read it? Who has access to that information? How do we want to protect it? We have to agree the rules now, before we lose control completely."
Julian Smith (pro), who else, interrupted to say
" Does my hon. Friend agree that the very people about whom he is talking have been put under grave threat by some of the reporting, particularly by The Guardian newspaper, of the leaks?"
D Huppert responded:
"No, I do not. I understand that the secretary who looks at the defence advisory notices has confirmed that nothing has been published in The Guardian that suggests a risk to life. The Guardian has not published photos on its website of anybody who works in the area without pixellating their faces."
Touché! That'll be a reference to Mr Smith publishing a photo on his official website of staff from Menwith Hill without pixellating their faces.

Caroline Lucas (anti) stepped in to make the point that the obsession with the Guardian was extraordinary. Wide ranging debates about mass surveillance were taking place all over the world and the UK is trying to stifle discussions and shoot the messenger.

Mr Huppert went on to suggest the UK sign up to the International Principles on the Application of Human Rights to Communications Surveillance. He also asked if we would be concerned if we found out the Chinese were tapping the prime minister's phone and by the way a Chinese company, Huawei, supply a lot of the equipment that makes up the core of our network infrastructure.
"I suspect that our intelligence agents would not miss the chance to install some equipment if we were given the chance to put in the backbone of the Chinese internet, so we should not assume that the Chinese would miss such an opportunity...
Individual surveillance is one thing, but the mass hoovering up of information enabled by new technologies has changed the system completely. It means that suspicion no longer comes first. I think that very few people think it inappropriate to target individuals where there is a serious suspicion of wrongdoing, but in the new approach, we are all suspects whose personal histories can be foraged through if ever there is interest in us later."
ID card cheerleader and former Home Office minister Blears popped up to give us the benefit of her er wisdom - mass surveillance was essential and stopped loads of terrorist plots in her day. The usual vague claims of secret amazing success and no mention of the flawed decision making leading to the shooting of innocent men and the killing and maiming of hundreds of thousands of innocents in Iraq and Afghanistan.

Once Julian Huppert concluded his contribution the chair of the session, Linda Riordan, said 12 people wanted to speak so she'd be imposing a 10 minute limit on each. Just think of that. On something as important as the operating and oversight of an infrastructure of mass surveillance, only a dozen of our 650 members of parliament could be bothered to show up with some prior preparation.

Tom Watson was next up and, disappointed he was only getting 10 minutes, posted the full speech he would have made on his website.
"At the heart of this cross party debate today is GCHQ’s own big data programme, Tempora, and its impact upon our citizens’ fundamental rights. It’s a new and profoundly challenging issue for policy makers. We have to answer questions about the nature, the scale and the depth of surveillance that should be tolerated in our democracy...
And let us be clear, if the Minister is telling us that the law permits such fundamental abuse of liberty, then the law is wrong, and the law must be changed.
I suspect the minster may point to section 16 of RIPA to suggest the Tempora programme is legal.
Interpreting S.16 of RIPA requires unravelling a triple-nested inversion of meanings, across six cross-referenced sub-sections, linked to a dozen other cross-linked definitions, and all dependent on a highly ambiguous “notwithstanding”.
It is probably the single most confusing and complex drafting ever put on the statute book, and I have heard that a former GCHQ Director said that it was drafted this way intentionally...
There is not a snowball’s chance on a hot day in Strasbourg that this will pass the tests of foresee ability and quality of law required by the European Convention (of Human Rights)"
I can't disagree with him about the spaghetti code of s16 of RIPA. Mr Watson's other significant contribution was in noting the practice of stripping citizenship from individuals with suspected terrorist connections.
"The Bureau of Investigative Journalism has highlighted the uneasy relationship between deprivation of citizenship, intelligence sharing with US, and targeting of former British citizens in drone strikes in Somalia. The concern is that citizenship may remove one obstacle on information sharing for the purpose of targeting British people...
David Ormand ex head GCHQ...mentioned the ‘ethically ambiguous position of the British public’ here because, he said, people here had benefited from the US drone programme, even though it would not be permitted in the UK. This can’t be right – the British public would surely be alarmed to hear that data collected in UK or on British citizens (or indeed anyone else) might end up being used to implement the US targeted killing programme – described as war crimes by Amnesty international."
Next up was the third co-sponsor of the debate, Dominic Raab (anti mass surveillance). He paid tribute to MI5 Director Andrew Parker for an under-reported aspect of his recent speech.
"While discussing trying to reduce the terrorist threat, he observed:
“In a free society ‘zero’ is of course impossible to achieve...A strong record of success risks creating an expectation of guaranteed prevention. There can be no such guarantee.”
Similarly, any democratic Government must be accountable to their citizens, particularly if they impinge on their citizens’ freedoms in the necessary pursuit of security. In recent years, UK surveillance of its citizens has increased exponentially, and the legal basis has sometimes, and now regularly, appeared strained at best. Oversight is frayed and legitimate debate is at risk of being drowned out by frankly untested assertions of national security.
In June, The Guardian published revelations by US National Security Agency whistleblower Edward Snowden that GCHQ was clandestinely tapping transatlantic fibre-optic cables, giving almost unfettered access to people’s phone call records, e-mails, Facebook entries and the like. The legal basis for Operation Tempora looks thin at best, and Parliament certainly had no idea of the scale of the use of those powers.
We also learned that Britain receives data from the US Prism surveillance programme, which appears to allow GCHQ to dilute—not circumvent entirely, but dilute—the safeguards that would apply if the same agencies were to gather the information themselves."
Mr Raab was particularly robust in rebuking the fear mongering of an intervening MP who was implying that terrorists are everywhere
" I thank my hon. Friend for his intervention, but he is wrong as a matter of fact. According to the terrorist threat assessment given publicly in annual speeches by successive director-generals at MI5, there was a spike—
My hon. Friend is shaking his head, but this is what the MI5 director-general said, so we ought to pay it some heed. There was a spike after 9/11, but it then dipped. In the most recent speech, given this month, the director-general said that the threat had not got worse...
In this month’s speech, the MI5 director-general also lambasted The Guardian for handing terrorists a “gift”—he used a potent word. More recently, Ministers have claimed that the disclosures have put lives at risk. I want to take that seriously, because Mr Parker claimed that making public
“the reach and limits of GCHQ techniques”
breaches national security. To be clear about what was being discussed, the newspaper was not disclosing interception techniques—the technical aspect—or revelations of sources or operatives, which would clearly be a major source of concern, but simply revealing our intelligence “reach”. I find the assertion that was made difficult to take at face value. The contention may be true, but it cannot be taken on mere assertion.
Any serious terrorist groups assume that their phones, e-mails and internet use will be monitored. That is no secret, and learning that Western spies drain the swamp of their own citizens’ data in the process does not aid terrorists in any tangible way. If national security had been materially breached, why has no one at The Guardian been charged or even arrested since the search of its offices back in July? Why was David Miranda not arrested and bailed, following his detention for several hours at Heathrow, in August?
Either UK law enforcement is surprisingly slow—given the assertions—or national security is being used as a fig leaf to muzzle disclosures that are just plain embarrassing.
I accept, by the way, that the disclosure that 850,000 contractors can access data from Project Tempora represents a security concern, but of course that vulnerability is entirely of the Government’s own making.
I am prepared to be proven wrong about all that, but Ministers and intelligence chiefs need to understand that the bald assertion of national security cannot be used to guillotine all debate. We are here to correct that understanding. Without revealing details that would prejudice the work of the security services, we need a coherent explanation of the damage to national security, not only vague and opaque assertions.
From reports in The Guardian, we also know that the Government are concerned about the legality of the powers that they are using—fears that public debate might lead to litigation, fears about legal challenge under the Human Rights Act. Those are legitimate concerns. I recall similar ones from my own experience of working with the agencies as a Foreign Office lawyer. Those, however, are altogether more nuanced concerns than the shrill and unsubstantiated suggestion that we have somehow lost track of terrorist plotters as a result of the revelations."
Very well said. He went on to assert with some justification that successive governments have been remiss in pushing and deploying mass surveillance, that the Intelligence & Security Committee charged with overseeing the security services is not fit for purpose and that, as Karl Popper said
“We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure.”
He then concluded:
"We need to pursue our security in a way that respects our freedoms, limits incursions to genuine cases of national security and does so under a regime that commands the rule of law. Failing to do that would be the real gift to the terrorists—a victory for everything that they believe in and a blow against everything we stand for."
Mr Raab is to be congratulated for one of the few thoughtful and balanced contributions to the debate and his speech should be read in full by anyone with a serious interest in or commitment to democracy. And thanks to him, Dr Huppert and Mr Watson, who were also reasonably well briefed (though I'd encourage Dr Huppert to avoid repetition of the security v privacy balance false dichotomy), for finally getting the matter raised in a parliamentary debate. It was a shame though not unexpected that the debate itself, with some exceptions, descended into little more than sales pitches and sniping from opposite sides, the anti mass surveillance crowd being marginally the better informed of the two.

I'll post some further thoughts on the debate when I get the chance.

Update: Part 2 and Part 3 now done.