Wednesday, November 06, 2013

Debate on oversight of intelligence & security services Part 2

With the exception of The Guardian the silence in the UK media about the parliamentary debate last week on oversight of intelligence & security services has been deafening. It is interesting to see the Independent in the past couple of days headlining UK spying in Berlin on the front page, though I doubt this is a harbinger of the cracking of the UK media dam on the subject.

Part 1 of my report on the surveillance debate ended with Dominic Raab's excellent contribution, so I'll pick it up from there. 

Labour MP David Winnick (anti mass surveillance) followed Mr Raab and opened by emphasising "the need for the security and intelligence agencies to work as required" even were we not faced by the threat of terrorism. He highlighted some past unsavory practices of government and the security services including the farcical censorship of Peter Wright's Spycatcher book, the security services culture of treating readers of the Daily Mirror as a threat and the more recent case of Binyam Mohamed, who had been subject to extraordinary rendition and torture. The Master of the Rolls,Lord Neuberger, concluded in 2010 that “Some Security Services officials appear to have a dubious record” on human rights.

An apparently angry red faced MP (according to Hansard this was Adam Holloway) jumped up at this point to demand whether, if there'd been a terrorist nuclear explosion in past few weeks, "the hon. Gentleman’s constituents" would change their minds about thinking Snowden was a traitor. Unfortunately that kind of distorted appeal to emotion was an all too common feature in the debate. Mr Winnick didn't accept that the Guardian's actions would lead to a nuclear attack or that there was the remotest shred of evidence that they had helped terrorists.

Mr Winnick then asked how the monitoring of world leaders phones helps the fight against terrorism and admonished the prime minister, David Cameron, in the strongest terms for his thinly veiled threat against the Guardian the same week.
"Going back to The Guardian, during Monday’s debate on the Prime Minister’s statement on the European Council, he said:
“I do not want to have to use injunctions, D notices or other, tougher measures; it is much better to appeal to newspapers’ sense of social responsibility. However, if they do not demonstrate some social responsibility, it will be very difficult for the Government to stand back and not to act.”—[Official Report, 28 October 2013; Vol. 569, c. 667.]
That is the most blatant threat to the press in recent times. It says in effect, “Do as I say or the Government will take the necessary measures.” That is all the more unfortunate while we are debating a royal charter that is being described as no threat to the press"
He finished with an emotional table thumping appeal for the Guardian to stand its ground in publishing material in the national interest and for parliament to support them in that endeavour.

Julian Smith MP (pro mass surveillance) who has demanded the Guardian be formally investigated for breaching official secrets and compromising national security then rose to his feet. He opened with his belief that "in Britain we have one of the best oversight regimes in the world."Strange that one of GCHQ's senior legal advisers has told the NSA exactly the opposite. He emphasised how much he likes the Guardian (in spite of labelling them "guilty... of treasonous behaviour" and demanding their prosecution) but the paper had admitted to sending detailed data about GCHQ internationally.

He couldn't resist a swipe at Tor -  a free open network that helps you defend against surveillance - which he labelled "the black internet—where child pornography, drug trafficking and arms trading take place". I know he only used 3 but I'm really tired of the 4 horsemen of the infocalypse ruse. Is it ever going to go away?

Next  - David Miranda's data, seized during his schedule 7 of the Terrorism Act detention at Heathrow, was, Mr Smith claimed, on a games console and "hackers" claim they have access to it. I'm afraid my fear mongering nonsense alarm was hitting overdrive at this point.

He concluded by urging the Guardian editor to be a good little boy, admit his appalling wrongdoing, throw himself on the mercy of the government and hand his data dumps back to the grown ups.

George Howarth, a Labour MP and member of the Intelligence & Security Committee (ISC), then opened with high praise for Mr Smith's "measured, thoughtful speech." No kidding. That's a direct quote and no prizes, therefore, for guessing Mr Howarth is in the pro mass surveillance lobby. He was involved in the ISC review and there was no evidence any laws had been broken - he seemed to be confirming that the mass surveillance was being done within the letter of the Regulation of Investigatory Powers Act (RIPA) and the Intelligence Services Act. He also denied the UK intelligence services had been circumventing the law by "by using the NSA’s PRISM programme".

Tom Watson intervened to ask if the ISC knew anything about the NSA's PRISM programme before the Guardian wrote about it and Mr Howarth, to the background laughter of the anti mass surveillance lobby, admitted they did not.

Mr Howarth went on then to say the ISC concluded with a "high degree of confidence" that there was no law breaking going on; and that "there might a case for trying to persuade the interception commissioner to become slightly more outward facing". At this point he was unceremoniously cut off by Chair Riordan declaring his time up and reducing time limit on further speeches to eight minutes.

Next up was Conservative MP Ben Wallace (pro mass surveillance and who I mis-identified in some tweets as Dominic Raab - apologies to both for that). Mr Wallace said the UK does intelligence and security better than anyone else. He was the first to run with the major of theme of 'how can all you silly beggars be surprised that spies actually engage in spying?' Mr Wallace has had the benefit of being an insider, having "worked in intelligence in Northern Ireland before half the legislation, which the hon. Member for Cambridge [Dr Huppert] seems to have missed, came into play." He did make the particularly salient point that no one was trying to regulate excess surveillance on the part of the private sector
"I have heard no criticism of the fact that we do not regulate the private sector. No one has expressed fear about that or demanded that we do so. The big capitalist companies in America—the Googles and the Facebooks—harvest our data without a by-your-leave, sell it on and on through intermediaries and make billions of pounds. However, I have not yet heard anyone mention that they all keep their servers offshore to avoid tax. That is the area that needs regulating to protect people."
Mr Wallace is proud the security services are regulated and would rather have the state than the international private sector controlling his personal data. RIPA is much criticised and it is not perfect but prior to its introduction he, as an intelligence officer, didn't have to "keep a log or register with anybody the things that I wanted to do." His former colleagues still hate RIPA but that's a good sign because it's an indicator they are accountable.

Sadly he then blots his copybook by insinuating the Guardian are tainted by associations with the KGB.

Mr Winnick interrupted noting the unconscionable abuse and torture of Binyam Mohamed and Mr Wallace agreed there "have been failures". He rounded off by implying Edward Snowden was clearly a traitor for choosing to travel to Hong Kong and Russia rather than Switzerland; And since he risked his life in Northern Ireland and opposed ID cards, 28 or 90-day detentions without charge and detention without trials that implied his views should carry some weight.

John McDonnell (anti) then got his chance, declared that the Guardian had been heroic and it was ludicrous that anyone should accuse them of treason.

He was followed by Martin Horwood (pro mass surveillance in spite of being a Lib Dem MP), popularly known as the MP for GCHQ since he represents Cheltenham and both his parents worked in the security services (Bletchley Park and GCHQ). He pointed out that staff at GCHQ find it difficult to forgive accusations of bad faith and illegality. Understandable perhaps. On mass surveillance:
if it was really taking place, it would—apart from being wildly impractical—be straightforwardly illegal. In his statement to the House, the Foreign Secretary made it clear that he still regarded the situation in this way:
“To intercept the content of any individual’s communications in the UK requires a warrant signed personally by me, the Home Secretary, or by another Secretary of State…Warrants are legally required to be necessary, proportionate and carefully targeted, and we judge them on that basis.”
Actually it is only necessary under RIPA that the minister believes a warrant to be necessary and proportionate. Far be it from me to cast aspersions but politicians, as a class, do seem to have a well honed talent for believing whichever story happens to support the agenda du jour. In fairness, this is an element of human nature and many of us, not just our much maligned politicians, are guilty on that score. I certainly can't claim careful and consistent cultivation of critical thinking/objectivity in all areas of life.

Mr Horwood was amongst the constituency of MPs who have absolute faith in the notion that there is no surveillance going if the information is merely collected and processed by computers but not actually physically read by a human being. That constuency is fundamentally wrong in that belief and have been for nearly 250 years, since the case of Entick v Carrington (1765) 19 Howell’s State Trials 1029, 2 Wils 275, 95 ER 807, Court of Common Pleas.

When Mr Horwood insisted on implying that there was little question but that Edward Snowden was a traitor, David Winnick, who was getting well warmed up at this pass, intervened to draw parallels with Daniel Ellsberg and the Pentagon papers which exposed US government lies about the Vietnam war. Ellsberg was called a traitor by the Nixon administration but "is now considered to be a hero who did a great service for his country."

Mr Horwood brushed him off suggesting UK checks and balances are so good, any lying or abuse on the part of the government or the security services would be reigned in by the Investigatory Powers Tribunal. I can't help but refer the honourable gentleman, as just one of many critical exhibits, to the JUSTICE all-party law reform and human rights organisation report of 2011, Freedom from Suspicion. They concluded (see the press release at the time for the short version):
  • Since RIPA came into force in 2000, there have been 20,000 interception warrants (e.g.secretly listening to phone calls and reading emails), more than 30,000 authorisations for directed surveillance (e.g. following someone in public), and more than 2.7 million requests for communications data (e.g. access to phone bills). The true extent of surveillance activity since 2000 is unknown because full numbers have never been published;
  • Of the nearly 3 million surveillance decisions taken by public bodies under RIPA since 2000, fewer than 5,000 (or 0.5%) were approved by a judge;
  • The highly secretive Investigatory Powers Tribunal, the main complaints body under RIPA, has only dealt with 1,100 complaints since RIPA began. In the last decade, it has only upheld ten complaints;
  • RIPA is poorly-drafted and lacks sufficient safeguards against abuse. This has contributed to the failure of the Metropolitan police to properly investigate phone-hacking, the illegal recording of privileged conversations between lawyers and clients, the spread of CCTV cameras, and the use of snooping powers by local authorities.
So his suggestion that the Investigatory Powers Tribunal's oversight regime is robust is, at least, questionable.

Michael Meacher then got his turn criticising RIPA which he considers so broadly drafted it enables governent to do whatever they like. He is also largely skeptical of the 'trust us' approach of government on surveillance matters since they have repeatedly been shown to have breached that trust. Malcolm Rifkind, chairman of the ISC (pro mass surveillance and a signed up member of 'it's not surveillance if it's only seen by computers' club) jumped up, apoplectic at Mr Meacher's claims that parliament has no say on who sat on the ISC. He neglected to say that parliament only got to say yes or no to the Prime Minister's picks for the committee. Mr Meacher with Dr Huppert's help then suggested the members of the ISC should be selected by parliament not the Prime Minister.

The Prime Minister also gets a veto on ISC reports, "can modify the report in any way he or she chooses and then publish it without any indication of the changes, or publish it in redacted form, or not publish it at all. That is not serious scrutiny."

Mr Rifkind (pro) got his official turn when Mr Meacher sat down. He couldn't help himself. He had to start by noting Edward Snowden now has a job working for a website in Russia but we were not allowed to know what the job was for security reasons. Unspoken - He has a job. In Russia. With Computers. Therefore he's a Russian spy. QED.

Mr Rifkind was adamant that the ISC do report to parliament under the "new legislation" (by which I assumed he meant the Justice & Security Act 2013) and the ISC is now newly constituted. Under these new regulations the Prime Minister won't get to select the chair. S/he will be elected by ISC members. The new rules also require intelligence services to supply "all information regarding nationally significant operations" to ISC. That's "a cultural revolution". Critics that claimed the ISC didn't know about the Tempora (GCHQ undersea fibre optic cables interception) programme did "not have the faintest idea whether the Committee was aware of programmes of any kind."

It is at this point that the honorable chairman of the ISC then demonstrated his serious misunderstanding of technology and its use. He declared that computers are clever and can sort data so 99.99% of it is never looked at. Therefore we are not subject to mass surveillance. To be fair to Mr Rifkind I will quote him in full on this:
"mass surveillance”. If that means anything, it is an accusation: the implication is that all our e-mails are or will be examined by GCHQ—as it chooses and by its own methods—as though something like that was now available. They seem totally to misunderstand or not to refer to the reality of what happens with modern technology, so in the brief time available, I will share with them what they ought to know. It is not secret, but is in the public domain.
Modern computers, which can indeed digest vast amounts of e-mails or communications data, are programmed to run using certain selectors, such as an e-mail address that might belong to a terrorist or some other information relating to terrorism. They are programmed to go through millions and millions of communications and to discard, without their having been looked at—no human eye looks at any of the e-mails—all those to which selectors are not attached.
Of the totality processed by computers, perhaps 0.01% will have selectors that the computer has been programmed to look for. The communications of the other 99.99%— covering virtually every citizen of this country, bar a very small number—are never even looked at by the computer, other than in relation to a selector, such as an e-mail address. Even for the tiny minority identified by the computers as potentially relevant to terrorism, if GCHQ, MI5 or MI6 want to read the content of any of the e-mails, they have to go to the Secretary of State for permission. Under the law, only if they are given permission can the content be read.
To say that we are living in a mass surveillance society is to make a wonderful allegation that sounds vaguely sinister, but the reality is that the e-mails of pretty well everyone in the Chamber are not being intercepted or read."
Ok some comments and questions for Mr Rifkind -
  •  "Modern computers... are programmed to run using certain selectors" - who programs the computers and what are the specific 'selectors'/filters? Who decides what the selectors should be? Who decides who decides what the selectors should be? The chair of the ISC doesn't understand computers, so how can he effectively and his committee scrutinise the technical aspects of this work? How do you measure the efficacy of these filters given it is widely known in the tech community how ineffective electronic filters can be? How, when someone is tagged as suspicious via these secret algorithms, does the information on that individual then get further processed? What happens when someone is wrongly tagged and how do they retrieve their innocence and clean bill of electronic health? Are you aware of the nature of false negative results and false positive results?
  • do you really believe there is no interception of communications if the interception is only done by computers and not seen by a human being?
  • I'm going to do some very rough maths here in an attempt to explain the problem with your point that only 0.01% of communications data is looked at. 0.01% of 60 million people in the UK implicates 6000. Now the pattern flagging will be nowhere near as simple as that but just run with it as a crude estimate. We know from the deputy director of the NSA testifying before the House Judiciary Committee that you don't need to be a terrorist or have contact (deliberate or inadvertent) with a terrorist to be flagged as suspicious. The NSA (and presumably GCHQ?) is allowed to travel “three hops” from its targets – who could be people connected to people connected to people connected to you. 0.01% of the UK population or 6000 people are 2 degrees of separation from about 160,197,360 and 3 degrees of separation from over 26 billion others (about three and a half times the population of the world). Even limiting suspicion to two hops, your 0.01% of data on UK residents, Mr Rifkind, implicates more than 2.6 times the entire UK population, the equivalent of the more than 160,000,000 people in India are considered untouchable and dehumanized by the caste system. I'm not trying to equate the mass surveillance of affluent UK computer users with the plight of the poorest people in the world but just trying to give some idea of the numbers we are talking about here. So the question for Mr Rifkind is that, given that we are all suspects, who decides which suspects the intelligence services' limited resources should be deployed to further investigate and pursue, once the computer algorithms have worked their magic? 
Mr Rifkind, you are absolutely right that the intelligence services have more important things to be doing than looking at data not "directly relevant to a terrorist threat or serious crime." However these gigantic data haystacks will put everyone 3 degrees of separation from multiple terrorist threats or serious crimes. Intelligence services and public officials with access to this data will have the capacity to deeply mine anyone's digital life once an algorithmic flag of suspicion is raised, even if they don't have the capacity to do so with everyone. That should give you pause for thought as to whether the "revolution in oversight" you have such faith in will be up to the task of controlling the mass surveillance monster that has been unleashed.

Could I also remind you that as long ago as 1765 Lord Justice Camden declared personal communications to be one’s “dearest property” and mass data collection fishing expeditions to be at odds with the rule of law.

Not only that but better intelligence, crime detection and prevention will be done through intelligent, targeted, proportionate, meta data collection & analysis; and intelligence led, targeted substantial content acquisition. The blanket collection and retention of data you currently seem to support will just allow the real criminals to lose themselves in the electronic noise whilst the security services are run ragged chasing innumerable false leads.

Part 3 of my thoughts on the UK parliament surveillance debate is now here.

No comments: