Monday, February 18, 2013

CDB and the need for better technology narratives

I've had a response from my MP, Nicola Blackwood, to my email of 11 January, drawing her attention to the report of the Joint Select Committee on the Draft Communications Data Bill. Basically she tows the party line, repeating the Home Office spin which she appears to find convincing. I have further responded to Ms Blackwood this morning.  

Academics and tech experts have to get better at explaining the realities of technology to policymakers. It is not just the politicians that are failing badly in this arena.

Even the Head of MI5 is on record as saying the snoopers' charter rests on "pretty heroic assumptions" yet the Home Office plows on with the same unchanging fictions because we can't get traction for a better, more accurate and nuanced narrative.Maybe we need a centre for the public understanding of and engagement with technology? Including a team of dedicated storytellers exclusively focused on educating policymakers and the public through better technology narratives.

A copy of the exchange with Ms Blackwood is below.
Dear Nicola,

No, I'm not reassured.

I understand you will be under pressure to take the party line on this but the narrative being spun by ministers and the Home Office does not stand up to any kind of evidence based scrutiny. There is a long technology loaded answer to your response and a shorter narrative version.  Let me try the latter since I realise your time is limited and the Home Office story has been well dissected via evidence to the Joint Committee.

Yes law enforcement and security services need to be able to move with the times and through targeted data preservation regimes - not a mass surveillance regime - engage in technological surveillance of individuals about whom they have reasonable cause to harbor suspicion. That is not the same as building an infrastructure of mass surveillance.

When the automobile came along the security services did not put a man in every car in case it might be used in committing a crime. They learned to drive. Law enforcement and security services need to hire more computer technology experts. You cannot cure a law enforcement and security services skills deficit by hoping mandated mass surveillance technology will somehow magically point out the bad guys. Real computers don't work the way they do in Hollywood films or TV crime dramas.

We already live in the most spied upon society in the history of the planet. The Home Office are complaining, like a petulant child, that it's not fair that they don't have access to the ocean of personal data flowing around the internet. So they stamp their feet and scream they want it and more. And they are going to get it not by hiring technology experts but by building (or forcing telcos to build) a magic machine that gives it to them. Sadly, when you strip away all the spin that is level of analysis you are dealing with here.

It will cost billions and not only will it not cure the crime fighting problem it will make the situation worse and create all kinds of other problems.

The 9/11 attackers were known to the FBI prior to the event. They were not picked up because the law enforcement authorities were so swamped with data about suspected bad guys that the 9/11 attackers didn't surface as a priority group. Crime and terrorism detection is a needle in a haystack problem. You don't find the needle by throwing more data hay on the stack. By making every internet using member of the population a suspect - by mandating total personal data retention - you make the security services' and law enforcement authorities' jobs more difficult not less so. The resultant industrial scale pursuit of false leads will be bad for everyone apart from the criminals cute enough to hide behind the relentless electronic data noise.

When people like Ross Anderson, Caspar Bowden, Peter Sommer,  Duncan Campbell - people with a deep understanding of computing and network technologies - are telling the government that the Communications Data Bill is a really bad idea, then they rather than ministers - not best known for their proficiency with technology - are the ones you should be listening to. Ross et al are emphatically not saying we should not use technology for crime detection and prevention, rather that we should use it and we should do so intelligently. If you have £billions to spend then spend it on building tech savvy law enforcement and security services not mandated dangerous mass surveillance infrastructure.


From: BLACKWOOD, Nicola
Dear Mr Corrigan,
Thank you for contacting me regarding communications data, and I do apologise for the delay in my response. I know you have previously shared with me the response you gave to the Joint Committee consultation on this issue, and I am grateful to you for taking the time to contact me further.

As someone who regards themselves as a libertarian, I do appreciate your concerns on this issue. Having said that, there has been some confusion about the actual extent of the Government’s proposals in this Bill. Clearly no one wants a ‘Big Brother’-style attempt to open up the content of private individuals’ communications. Instead, any changes should be aimed at protecting the current, long-standing ability of police and security services to gather crucial information about communications between suspects across the multiple new forms of online and telecoms media, while striking the delicate balance between privacy and security.

Ministers tell me that legislative change in this area is necessary to maintain national security and protect the public in the face of changing technological circumstances, whilst continuing to protect and uphold civil liberties. In short, security services must be able to move with the times to maintain their ability to gather vital intelligence, without which public freedoms are at risk.

The communications data at issue includes, for example,  the identity of participants in a communication and when it took place, not the content of their conversation. This data can already be collected from phone records, and has been a crucial element of many police investigations by linking suspects, disproving alibis and so on.

Of course, access to data of this kind is an important tool for law enforcement, especially when dealing with organised crime gangs, paedophile rings and terrorist groups, and it has played a role in every major counter-terrorism operation by the security services and in 95 per cent of all serious organised crime investigations.

With communications technology rapidly changing, I understand that criminal and terrorist activity is increasingly moving away from landline and mobile telephone communications to the internet, including voice over internet services, like Skype, and instant messaging services. Ministers estimate that security services are now only able to access some 75% of the total communications data generated in this country, compared with 90% in 2006.

In matters of intelligence, where information is so precious, I think the Home Office is right to highlight the problem of diminished access, and I think we need to be debating all reasonable steps to ensure that the people who are employed to protect the British public are properly equipped to do so.

There is further information about the proposed use of communications data available on the Home Office website at

Given the pace of technological change, our future capability is uncertain. Ministers tell me that this is why, in the Government’s Strategic Defence and Security Review, published in October 2010 and available online at, a commitment was made to ‘introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain data and to intercept communications within the appropriate legal framework’. It was also made clear that in seeking to ensure our law enforcement agencies continue to retain capabilities to protect us from harm, civil liberties would be respected and protected.

I understand that the Government therefore proposes to require internet companies to collect and store certain additional information, such as whom an individual has contacted and when, which they may not collect at present. As I have outlined, this information would show the context, but not the content, of communications, which would extend the arrangements which currently apply to telephone conversations to online communications.

Under the proposals, the data collected would be available only to designated senior officers, on a case-by-case basis, authorised under the Regulation of Investigatory Powers Act, and the process will be overseen by the Interception of Communications Commissioner. It would be available only if it is necessary and proportionate to a criminal investigation.

I hope you may be reassured that, unlike under the previous Government’s proposals, there would be no government database and the data recorded would be strictly limited and regulated and will be destroyed after a year. The police and security services would not be able to intercept the content of calls and emails, except as they already do, when it is necessary as part of an investigation relating to serious crime or national security and only when they had obtained a warrant signed by a Secretary of State.

I have written to the Home Secretary to pass on constituents’ concerns on this issue following the publication of the report of the Joint Committee on the Draft Communications Data Bill, and I shall of course be pleased to pass on any substantive response I receive in due course.

Thank you once again for contacting me and for your patience in awaiting this response, and I hope this is helpful.

Kind regards,


-----Original Message-----
Dear Ms Blackwood,
I hope you’ve had a good Christmas and New Year holiday.

You will be aware the Joint Committee on the Communications Data Bill (or Snoopers’ Charter) published its report last month. Copy available at
The Joint Committee say the draft Bill pays “insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should.” They are also extremely critical of the Home Office, highlighting their lack of consultation and labelling their figures “fanciful and misleading.” Additionally they find the Home Office estimate of £1.8 billion in relation to the implementation of the Bill likely to be exceeded  “by a considerable margin.”

It seems very clear therefore that the Communications Data Bill should be dropped. The report would in its entirety suggest the need for a fundamental, full and public review of digital surveillance. Nevertheless in the first instance I would just request that you encourage the Home Office to drop the Communications Data Bill.

Thank you,

Ray Corrigan