Friday, March 01, 2013

Security Minister on CDB

My MP Nicola Blackwood has had a response from Home Office Security Minister, James Brokenshire, to her -
"letter of 7 February to the Home Secretary on behalf of your constituents who wrote to you to express concern about proposals for the collection and retention of communications data."
Ms Blackwood posted me a hard copy of Mr Brokenshire's letter, a scan of which I include below.
Excuse the formatting. We're locked into Microsoft imaging files with the scanners in the office and Blogger and Microsoft don't play nicely.

The letter is largely a repeat of the usual distorted, evidence-free, political justifications for the Communications Data Bill. Starting at paragraph 2 he re-iterates the "communications data is the context not the content of a communication". If he read Peter Sommer's written submission (starting at page 412) and followed his oral evidence to the Joint Select Committee on the Communications Data Bill he'd realise what a meaningless claim this is nowadays. If he has read and understood Prof Sommer's evidence then he is being deliberately misleading here. If he hasn't read and/or understood it then he is not doing his job.

Paragraphs 3 & 4 highlight the Data Retention Regulations, regulations arising from the Data Retention directive which the UK government actively pushed through the EU and which has been challenged on constitutional grounds in several EU jurisdictions.

Paragraph 5 is the standard claim that the police need comms data to catch terrorists. As I've said before, law enforcement need, through targeted data preservation regimes, to engage in technological surveillance of individuals about whom they have reasonable cause to harbor suspicion; said surveillance to be carried out, as the Intelligence & Security Committee said in their special report on the CDB, in carefully controlled circumstances and with appropriate authorisation. That is not the same as building an infrastructure of mass surveillance, in parallel with a continuing absence of the widespread human intelligence and institutional skill sets required to be able to understand or deal with the technology or the avalanche of data noise the CDB would generate. And subcontracting the technological operations to the private sector without a deep institutional criminal justice system understanding of the technology and the digital forensics is reckless and dangerous for society.

Paragraph 6 of Mr Brokenshires's letter says the Regulation of Investigatory Powers Act (RIPA) ensures comms data use by approved authorities is above board. I won't comment on this other than to say the proportionality of the RIPA powers has been repeatedly questioned, as indeed has the Interception Commissioner's oversight of the operation of RIPA.

Paragraphs 7 and 8 say "its not fair" - the technology is moving fast, there's loads of useful data and police and intelligence services can't get at it. Well get this - you do not make their job easier by building an infrastructure of mass surveillance with compulsory back doors for government and run by the private sector which "may do so from abroad". Architected back doors intended for government access become nice big security holes for tech savvy attackers with nefarious intent. And swamping your technically challenged law enforcement services with mountains of data noise, necessitating the target based mass pursuit of false leads, will make their job harder not easier. Sure they need the tools to do high tech surveillance but they need the skills to do it too, in intelligent targeted ways and in accordance with properly constituted oversight and due legal process.  International telcos are not, no matter how much the government believe they can or want them to, I repeat not going to create magic digital surveillance machines which work perfectly and magically point out the bad guys every time; leaving law enforcement with the simple task of picking up the miscreants and sticking the handcuffs on.

This stuff is too important to be left to the Blair era 'fix it with a £billion magic computer/database' mentality (without ever specifying what the 'it' actually is).

Paragraph 9 trots out the old favorite "It is the first duty of Government to protect the public." That lazy sound bite is repeatedly rolled out to justify liberty bashing laws and government actions but is a paternalistic fiction. In the UK under the Magna Carta the first duty of government is, as I understand it though I'm not a constitutional lawyer, to protect the freedom of the English church.
"FIRST, THAT WE HAVE GRANTED TO GOD, and by this present charter have confirmed for us and our heirs in perpetuity, that the English Church shall be free, and shall have its rights undiminished, and its liberties unimpaired...This freedom we shall observe ourselves, and desire to be observed in good faith by our heirs in perpetuity."
In the US the first duty of government is to protect the US Constitution and the Bill of Rights. Both the UK and US governments have a duty to protect the public from arbitrary, unrestrained, government authority.

The final three paragraphs of Mr Brokeshire's letter refer briefly to the Report of the Joint Committee on the Draft Communications Data Bill and the Intelligence & Security Committee report on same. He makes no mention of the scathing criticisms of the committees but does state clearly that:
"The Home Office has considered the Joint Committee's recommendations carefully and accepts the substance of them all."
Strangely he doesn't make any mention of accepting the ISC's recommedations. What accepting the substance of all the recommendations actually means in practice we will have to wait and see but the CDB is currently being redrafted and
"the Home Office is engaging with interested parties on our revised proposals."
In a separate letter to the Open Rights Group following the publication of the Joint Committee report in December, Mr Brokenshire said:
"The Committees have highlighted the need for further consultation, particularly with communication service providers, but with others too and we will be taking this forward."
I may not have been paying enough attention due to the pressure of other things and the last milestone I noted on this was the official publication of the ISC report on the 5th February but has anyone any further information on who, aside from the CSPs, the "interested parties" and "others too" might be?