Thursday, November 15, 2012

B2fxxx turns ten today

B2fxxx is ten today.

I started posting here in November 2002, under a pseudonym, to provoke discussions amongst my internet law students about contemporary issues and cases that hadn't made it into the original course materials.

Day 1, 15th November, 2002, covered:
  • A movie executive believing movie piracy deserves as much attention as the war on terrorism; claiming the film making business would be dead within three years. 
  • Princeton professor, Ed Felten, suspending daily entries in his 'Fritz's Hit List', where he listed examples of the kind of things which would need copyright protection built in, if the then proposed Consumer Broadband Digital Television Protection Act (CBDTPA) ever became law in the US. It included digital dog collars, sat navs, cockpit voice recorders,a remote controlled fart machine, baby monitors, Barbie toys, robot dogs and many others.
  • UNESCO's then Information Society Division director Philippe Quéau's worries about telecoms monopolies.
  • An American Library Association conference on the USA/PATRIOT Act
  • The risks ethical hackers could be exposed to in helping the FBI track down child abusers.
All of those generic issues are still live (not the CBDTA specifically, about which the EFF did a terrific parody song at the time, but it has been regularly resurrected and partly implemented in various forms in different jurisdictions and international instruments in the course of the ensuing decade).

The blog very quickly became too useful as a personal notebook and I dropped the pseudonym.

This is my 4504th post here with the peak years, quantitatively at least, being 2005, 2006 and 2007 which saw 934, 921, and 718 contributions respectively. Last year was down to 64.

The site has had a relatively small and eclectic readership with, if the Blogger and Sitemeter statistics are to be believed, visitors (or bots) from well over a hundred countries, today headed up by the US, followed by Norway and then the UK, Russia and Ukraine.

I've been largely focussed on digital rights and education, but have strayed into football and pretty much anything else that's piqued an interest. If you have dropped in, thank you and if you've come back thanks again. Hopefully you've found something useful, engaging or thought provoking, at least in the material I've pointed to.

In that spirit and particularly if you're a digital rights junkie, could I emphasise the importance again of the oral evidence given by Caspar Bowden and Duncan Campbell to the Joint Committee conducting pre-legislative scrutiny of the draft Communications Data Bill. Caspar Bowden's written evidence (pp73 - 92) is also essential reading, as is that of the Open Rights Group (pp358 -373), Peter Sommer (pp 433 - 449), the Information Commissioner (pp504 -511), Ross Anderson (516 - 518) and the Foundation for Information Policy Research ((pp146 - 151).

Some highights from Caspar Bowden's oral evidence to the committee on the 30th of October:
Caspar Bowden: ... I think the Committee should be clear that this proposal for ISPs to log websites visited is intrusive and, frankly, it lacks a legal basis. There is no basis for doing this currently, as I understand it, under UK laws or secondary legislation that has currently been enacted, nor is there any legal basis for doing this under the European data retention.
Dr Huppert: So the IP data can be done without the legislation and the weblogging, you say, is very hard to do.
Caspar Bowden: I think it is legally hard and in terms of human rights it is hard, because if I understand your point correctly, it is about whether we take the premise of Clause 1: that there shall be blanket retention for everybody in the country of certain categories of data. That is still extremely problematic in human rights terms, so I would want to refocus the question on whether the fundamental methodology is collecting data about people about which there is reason to collect—whether there is some basis of suspicion, whether they are in vulnerable groups. To take a rough figure, it is about whether we are talking about 1% of the population, as opposed to recording data about 100% of the population. That seems to me the essential principle at stake.
Mr Brown: Have any of you given any thought to what elements might be involved in post-legislative scrutiny arrangements were we to recommend such a thing?
Caspar Bowden: ...
I think that I would like to see a much closer connection between Parliament and the oversight and continuous review of any internet surveillance legislation. In particular, in my written evidence, I made reference to a recent European Parliament report that did a comparative analysis of different countries, how they have set up their oversight machinery and their relationship to Parliament. The UK did particularly poorly in that; the European report was very critical of, shall we say, too close links between the oversight role and the executive. That seems to me a syndrome that we indeed have.
Caspar Bowden: ... I have referred to a problem in my written evidence that I call “schizoid jurisdiction”. This occurs when an international provider decides to respond, say, to a RIPA Part 1, Chapter 2 request or demand for communications data and they fulfil this through their local office and they give this to the local law enforcement agency, exactly as would occur with a domestic communications service provider. But when a data subject—an individual—makes a request to exercise their privacy or data protection rights, then the company will say, “Oh no, I am sorry. That data was transferred to the United States”, and now falls under something like the Safe Harbor Agreement where, in practice, the individual’s rights are much less.
Caspar Bowden: ... I think what we are asking is for law enforcement to look at their task progressively in a different way, which is instead of assuming that somehow there can be blanket recording of this data about the entire population, it is going to be more of a question of beginning, as it were, with the threads that are available and then developing an investigation. You would widen the circle of interest and cumulatively broaden the use of the powers of preservation until you were in a position to acquire the evidence and intelligence you need. This could be something of an upheaval for the way law enforcement has proceeded so far and I think this must be accepted, but honestly, we have to give data preservation a chance. We have to develop a credible regime with which law enforcement can live to try and make this work before we go to the stage of saying that somehow it is acceptable to perform this blanket preservation on everybody in the entire country.
I will offer, perhaps, a slightly dramatic example of how far we have come in 10 or 15 years. In communist Albania, the secret police, the Sigurimi, used to have a ritual where every year they would require every citizen to come and have a chat with their secret police. Each person would be required to co-operate in building what was called a “biografi”. This was, as it were, a personal dossier in which they would have to record all of their social relationships, social contacts and main meetings that had happened to them over the previous year. In terms of the way we live our lives now, particularly the way in which social relationships are expressed, through the internet, we are effectively allowing the Home Office to build a biography on everybody in the country on their pattern of social relationships and on the fabric of everyday life. It seems to me, just taking a step back, it is extraordinary that we have got to this situation at all and we are even contemplating it.
Craig Whittaker: Mr Bowden, can you honestly believe for one minute, though, we are talking about an Albania situation here in the UK? We are not talking about building a profile. We are talking about securely storing information. The profile-building, if you will, will be in the access and the safeguards put in place to get that access. I think that is a little bit scaremongering, from that point of view.
Caspar Bowden: With respect, not. Look at the testimony of William Binney; I also referred to in my written evidence, and his video to a hacker conference in New York is available online. William Binney was a senior National Security Agency engineer who has now become a whistleblower, objecting to these types of practices conducted in the US. The technology that he, as a senior engineer, was building 10 years ago was in fact precisely an automated biography file; it was not merely a question of leaving this data passively in place. And there is a direct correspondence between the sort of machinery that he engineered 10 years ago and what is proposed in the filter. Of course, it depends exactly how the filter is going to be implemented and what lies behind the filter, but I do not think it is correct to
imagine that somehow these are, as it were, passive piles of data sitting around. Even if that was the case, there is certainly case law at the European Court of Human Rights to show that blanket retention of this kind of data, particularly if it is going to be used for pattern analysis and traffic analysis, is well beyond what the European Court has tolerated so far.
Baroness Cohen of Pimlico: If we could get the subscriber data definition satisfactory, you would not feel that needed a magistrate. You would be happy with a SPOC doing that. I do not mean to put words in your mouth; I am trying to check.
Caspar Bowden: With other qualifications, that is broadly my position, because I think that represents something that is doable. That would have to be done, in my opinion, with a move towards a preservation methodology by law enforcement.
Stephen Mosley: We have heard diametrically opposed views on the filter. On the one hand, I know, Mr Bowden, you have described it as a “hyper-Orwellian menace”, while the Home Office would let us believe it is a way of protecting people’s privacy by eliminating people who they are not interested in. I guess it could be either, depending on how it is used, so the oversight and the control of the filter is going to be incredibly important. What kind of oversight do you think the filter should have to ensure the protection of people’s privacy?
Caspar Bowden: Perhaps it will not surprise the Committee to say that I do not think the filter should be built under any circumstances for domestic surveillance. It is understood that GCHQ have had these sorts of capabilities for many years for international communications, but I simply think that the kind of capabilities described in the filter are intrinsically incompatible with a modern democratic society—on the basis of blanket data retention, you understand. If we are talking about preservation of data about designated targets, where for each designated target there is a reason and a justification—even if that is a reasonable belief or a reasonable suspicion—that is still a far smaller 1% of data than one would be talking about on the basis of blanket retention. But for anything to do with the so-called filter—I would call it data mining—of particularly traffic data, which is so prejudicial to private and intimate life, I think safeguards and oversight are irrelevant. I just do not think it should be done in a democracy."
There is no doubt that targetted data preservation, on the basis of intelligence-informed reasonable suspicion, is far more useful from a security, intelligence and law enforcement perspective than blanket data retention. Mr Whittaker's umbrage at Caspar's comparison of UK proposals to the situation in Albania is one of the fundamental problems with trying to expose the dangers of this stuff. "How dare you compare us to despots" is the outraged response to a deeply informed, careful analysis, demonstrating the government are effectively proposing to build intimate digital profiles of the entire population. It becomes fingers in the ears, la la la, not listening time for some of the key characters who really have to understand what it is they are doing.

Some highlights from Duncan Campbell's evidence to the committee on 23rd October:
"Duncan Campbell: I found it difficult to hear the Home Office complaining of unfairness when what they are putting forward to Parliament and this Committee is something that has really been stewing around for at least 10 years, being pushed forward in various ways, and yet when the witnesses come here it seems that no one in the telcos knows what they plan to do or how they will implement it. I was also gravely concerned that Mr Farr in his evidence, and within almost his first interchange with Mr Ellis, completely misled the Committee about the situation with communications data. I put a note in to expound on this should it be necessary, but the statement that 30 years ago BT was collecting communications data, and the implication that they will now not be making that sort of information as available, is the exact opposite of the truth. So, he is extremely badly informed, and passing on poor information and misrepresenting the situation as it is seen now in terms of the amount of information that is available, which has been increasing. It has been increasing as devices become available and new forms of data, for example location and cell-site analysis, come into the system. So I see the Home Office as having mis-served itself very badly from the very title of the presentation of the Bill as remedying a gap. No, they are not. Perhaps proportionately there are things that could be done, areas that can be addressed, but they have left themselves wide open to this accusation of it being a snoopers’ charter.
I would not quite endorse that title yet, because what they are creating, if Parliament were to give them the powers in this form, would really be a universal surveillance engine attached to the mass or all of the British internet. Now, what you do with it, and whether it does become a universal snooping engine, is withheld from us, because none of the orders, none of the codes of practice, none of the facilitating instructions, some of which may come to Parliament, some which may remain classified, are before us. So, again, given the degree of obscurity, the surveillance engine could be the snoopers’ charter or it could be reined in.
I would just, finally, say that the important point of human rights, which seems to have been overlooked in the way the Bill was drafted, has been formed. It has been formulated for us by the European Court and really supports the apprehension that perhaps is seen as coming too stridently from some journalists. “The mere existence”—and I am quoting now from the judgment—“of legislation which allows a system for the secret monitoring of communications entails a threat of surveillance for all to whom the legislation may be applied. This threat necessarily strikes at freedom of communication between users,” which
is Henry’s point and I would absolutely and strongly endorse that for the special case of journalists seeking confidential sources and secure communications to them when those sources act and come in the public interest. The Court finally said the mere existence of legislation of this type is an interference with Article 8 rights irrespective of whether there were to be measures taken against an individual person. So that is a very powerful legislative Act, longstanding in the European jurisprudence, that really does go to help understand why epithets like “snoopers’ charter” have had widespread currency.
Duncan Campbell: ...What is it that my police colleagues would like to be bringing into court that they could get from communications data that they do not now get? There are relatively few things, given the richness of material from other sources, and if you take, for example, whether we can go to Skype, it has been laid out that there is a completely alternative route for going to Skype, so we do not need to worry about Skype in this context.
They have also eschewed looking at things that could be simply explained to Parliament and public. Way, way, back, 12 years ago, we were working on Chapter 2 of RIPA and soundings were taken, views were expressed, as to how you proportionately apply the surveillance of weblogs. Chapter 2 of RIPA does provide some powers, but it has never really been put into practice. Now, since the new provisions, excluding the additional filtering requirement, necessarily embrace all of that, that whole debate could have been laid out in the open. The Home Office could have briefed on it, they could have addressed the arguments that were put for both sides then, expressed a position, allowed Parliament to take its view and so on and so forth. So they have missed a lot of areas where, without needing to have recourse to national security considerations, they could have been open.
Lord Strasburger: I was going to ask you why you think the Home Office have got it so wrong.
Duncan Campbell: I think they have insulated themselves too much into a very small group that really only essentially talk to themselves and a few others, a few key engineers, and not sought to access even, perhaps, their own Ministers in getting an understanding of what might be required and what might be developed. They are operating in too small a world. I went myself to one of the Home Office briefings a couple of years ago when we were looking at the previous Bill and asked them to try to explain some simple points, and they struggled. They did not seem to know their brief and they did not seem to be very enthusiastic about learning their brief. It was very disappointing.
The Chairman: You said in your opening remarks, Mr Campbell, that there are areas that could be addressed. It would be helpful if you could elaborate on those for us, please.
Duncan Campbell: First of all, I referred to weblogs. Now, internet service providers do not routinely obtain a log of what happens when a user, any one of us, is using our browser. In fact, a very rich trail of information is generated, many entries per page, on your computer, and for a certain time it would also be held by the communications service provider. So a step that the Home Secretary could take is, by order, to have that data held. It would be huge; it would be difficult to process, but we all know what it is. It comes into the courts every day, because it is also found on suspects’ and defendants’ computers. So it is a kind of evidence that need attract no secrecy. The businesses do not want it because beyond, say, a few weeks to do an engineering study of whether your server is working, you absolutely do not want to store that kind of data. But there need be no secrecy about those kinds of records or how they might be filtered or how they might be used and, indeed, the previous debate on RIPA addressed that. I think Professor Anderson’s evidence also covered some points about that and probably Professor Sommer’s too.
Then there are those areas where the solutions cannot exist realistically. The Information Commissioner mentioned virtual private networks; I would agree with that. There is the problem of Tor. It is a problem from the point of view of UK law enforcement, but, although I did not put it in my CV, I go and work for the other side on occasions, in that respect, bringing the knowledge of what you can hide. I have done that quite specifically in support of the Syrian insurrection and people who are struggling to overthrow the Assad regime and, of course, they have high dependency on Tor, their lives are at risk and if this Government were to, by some method—and I think Tor would say it is impossible—make that not available to them, we would bring about a far greater deficit in human rights in other parts of the world.
You have things like Skype, which have set out a model that works if you address the mutual legal assistance treaty things, and I have seen products come into the courts from MLAT. It is effective; it is what you want; it is the communications data that is asked for. All of that is not being considered.
The Chairman: There are criticisms that MLAT is a bit slow.
Duncan Campbell: I have never seen MLAT work fast, but I think already comments have been made as to the way the Foreign Office could be encouraged to speed that up.
Lord Strasburger: You talk about the request filter. Is it the case, in your view, that the distributed database that this Bill foresees combined with the request filter is going to be any different from the centralised database that was proposed in previous legislation?
Duncan Campbell: It appears to be larger, notwithstanding that it is distributed. I say that because the centralised database would ingather the communication service providers’
records at the specified times and hold them nationally with, no doubt, automated access, and that is required to come into being by the first part of the Bill. So basically, you have the national database within the Bill anyway, save that it will be held, in this model, by the CSPs. You then layer onto that the DPI devices that will hang on the key points of the United Kingdom network and mine as yet unspecified classes of data, presumably into similar local databases, but they will, by their nature, have to be integrated nationally, and I think this was conceded by the Home Office witnesses. You are going to data match across things that you see in the content derived from different nodes on the internet with different companies in order to try to get a match to generate communications data. So, if that analysis is correct, this is the national database of the previous scheme plus the additional databases supporting the need to retrospectively look at, I would imagine, a year’s data taken from whatever the filtering system turned out to be. So, a bigger database.
Lord Strasburger: This is for Mr Campbell specifically. Back to the filter. We have had evidence querying whether the results from the filter will meet evidential standards. If you were working with defence counsel on a case that relied on filter results, how would you go about questioning the admissibility of evidence derived from the filter and the weight to be attached to it?
Duncan Campbell: Lord Strasburger, my expectation is that the courts would probably never get to see the kind of information passed out of the proposed request filter. I will explain why in a minute, but the obvious point that goes to is how useful this can really be for prosecutions. The evidence given specifically in Liberty v the United Kingdom was that we are not going to discuss filtering, it is too complicated, you will not understand it, it is all classified, and we are not going to reveal our methods. The main reason for doing that, I suspect, is that the driving problem—which they never quite admitted until they came here and said, “We are never going to get one in six communications”—is that they do not want people to figure out what it is that they cannot get, because, fairly obviously, the bad guys will navigate through that. So their clear position in Liberty v the United Kingdom was that they do not want to explain how filtering works and they are trying to protect not their strengths but their weaknesses.
Lord Strasburger: That was quite a long answer to a short question. Could I just try to distil that back and see if I have understood you correctly? You seem to be saying that, because the authorities are unwilling to disclose the mechanism behind the filter, it is not possible to validate the effectiveness of the filter and it is not possible, therefore, to put the evidence that falls out of it before the court in any meaningful way. Is that right?
Duncan Campbell: I believe they would not produce it in the first place, because they would foresee the issue of technical difficulties.
The Chairman: So whatever other use the Security Service or the police could make of a filter, using it is as evidence in court is unlikely to be one of its main functions.
Duncan Campbell: On the basis of as much information as we have as to how it would work, which is, of course, little, that is my view. ...
Duncan Campbell: ... It is fit, proper and necessary that interception of communications and processing of communications data be available as part of the armoury to combat all the things you have mentioned. That is not my problem with this Bill. My problem is that it is not fit for purpose. It has not been thought through and it is not going to work. Leaving aside human rights, we are required to test issues like proportionality and necessity, and, in this forum, we are also required to test value for money and technical efficacy...
Duncan Campbell: ...So once you have accepted... that there will always be the dark areas and that, therefore, the proper area for debate is fitness or proportionality, necessity—necessity given the other types of data that can be used in investigations—technical effectiveness—can it work—and cost efficiency. Then come all the human rights criteria—the fact that you do terrify people by creating powerful laws.
Duncan Campbell: In response to your question about senior officers signing on necessity and proportionality, that is necessary but it may not always be sufficient. I think, and some witnesses have put forward, that a much better scheme would be a multi-level surveillance authorisation, which, to some extent, already exists in terms of intrusive surveillance. That should be applied to the communications data schema, so that you have a signing off at higher levels or a warrant from sufficient authority, depending on the degree of intrusion involved. But these are the appropriate and necessary processes.
Just two minor points: although it was not required by law, the police sensibly adopted a scheme whereby assistant chief constables would be required to sign off on location data requests. They have dropped that now, but they saw the degree of intrusion necessary and they said, “A chief superintendant is not enough; we will go to ACPO rank.”
The other point I would make is that the European Court has required that the procedures for examining, using and storing gathered communications material should be in a form that is open to public scrutiny and knowledge, and along with authority that is an important part of the process.
Duncan Campbell: ...
I know there has been a well tested argument about bringing intercept data into the courts. I have seen it. I have worked on it when it comes from overseas jurisdictions, and it is very hard to understand the degree of resistance, except a sort of primal fear of letting the adversaries know that we cannot do some things. So you could really quite usefully do an overarching surveillance scheme with officers of different ranks, judges of different authorities, and a surveillance commission that would act as the check and balance on whether the wide remits on all fronts had been followed.
Duncan Campbell: ... Mr Brown’s point about the sensitivity of data and the risk it could leak would, in my view, flow largely from creating this database in advance or these databases that are required. Again, rather than the obscurantism of the Home Office approach, we can address this quite specifically in the case of weblogs. In my expert capacity, I have to sometimes look at weblogs that, when seized from computers, can sometimes go back years and years and, frankly, they terrify me. The intimacy with which you can see what somebody is doing, what somebody is thinking, you can infer when their attention has strayed from their partner to some other prospective sexual target—it is written there to be seen. Now, if that person is under that degree of surveillance, because their device has been seized by the police because of a suspicion, then you can at least see how that comes about, and the rest of the population can be reassured that is never going to come to pass unless officers do come through their door for whatever reason. If you move to what was envisaged under RIPA and which will be reconstructed here, then, at the very least, the big internet service providers are going to be asked to store that kind of data, although we have no clue as to the depth of knowledge, and that degree of intimacy. That means that, if anyone wants to go on a trawl, whether authorised or unauthorised, whether the purpose might be approved or not, they can trawl to see who has been accessing special clinics. They can trawl for who has been going to particular websites. They can trawl to draw up profiles and demographics just in the same way as Google does. Clearly, most or all of that would not be proportionate. How do you stop it? Do not do it in the first place. Stick to what you get on people’s computers.
Duncan Campbell: That is a concern with the filter. There is no detail, as ever. We start from ignorance, but it is, to my mind, inconceivable that the tasks anticipated for any filter could be done on data as it streams past. Therefore, what you are left with is the elephant in the room that surrounds this Bill, which is we must not call it a national database because that is what the last Government did. Therefore, database is avoided, but in fact database is essential.
I fear the Home Secretary has not been well served by her officials on this. One is not privy to what goes on, but the sense is, “Do not worry about this; it is all techie stuff you really do not need to know. Parliament does not need to bother its head. It is the big complex internet; we will sort it out.” Even if it was not this very sensitive and important area of legislation, what you look at with any knowledge of large public sector IT projects is massive expenditure, billions of pounds, on a future that is untested and on technology that seems incapable of being specified and that has not been described to the people whose equipment it will attach to. Let aside all of our other worries, the total gap in the information about how this will work means that there must be a very high probability that this will become yet the latest public sector, massive, cost-overrun IT boondoggle.
Duncan Campbell: I think this Bill is future-proof, but in the worst possible way. It is future-proof in the sense that the Home Secretary seeks to have the power to her and her successors, in the words of the Bill, to do anything they like once the universal surveillance engine is connected up to the entire national internet. So, for that reason, it is additionally terrifying.
The alternative would be to reset the mechanisms of surveillance and allow that there would need to be fluidity as new data sources came along. A surveillance commission, if that were to be recommended, with access to both human rights advocates and technical experts as well as senior judicial figures, could address that—and with as much transparency as possible, which is the opposite of where we are now. And it will not be Twitter that we will be talking about in six years’ time, it will be something completely new that no one has thought of now. So I do not think you can put in place a good future-proof Bill, but you could put in a transparent, thoughtful, representative system of reviewing how you adapt access to intercept and communications data as the technology changes."
What can I add except that this is incalculably important advice on and analysis of what is a really terrible bill.

The Open Rights Group, incidentally, are holding a joint event with Index on Censorship, on Saturday 24 November, 2pm - 6pm, at the Free Word Centre, Farringdon, London, to campaign against the Communications Data Bill. Author, activist, visiting senior lecturer and honorary graduate of the Open University, Cory Doctorow, is the headline speaker. Tickets are free and there will be other presentations by Liberty, Index, Big Brother Watch and FIPR plus workshops to explain the Bill.

No comments: