Across the world, intelligence and law enforcement agencies are lobbying governments to introduce ever more Draconian digital surveillance laws. In the UK, the controversial Investigatory Powers Act (commonly known as the Snoopers’ Charter) was recently passed into law, despite opposition from civil liberties groups, academics, journalists, the tech industry, communications providers and a (regrettably small) number of Parliamentarians.
The Act puts the UK population under a greater state surveillance than any other democracy in the world (greater, indeed, than quite a few dictatorships). Most controversially, it legalizes what is effectively blanket digital surveillance of the entire population – euphemistically termed “bulk collection powers” – as well as giving authorities the right to demand companies and individuals to decrypt data on request. It also lets them hack into systems should that be deemed necessary..
Of course, we know from the Edward Snowden leaks in 2013 that US and UK intelligence agencies were already capturing and bulk-analyzing private internet communications and traffic illegally, as well as hacking into private and commercial systems and networks. Part of the purpose of the Act, it seems, was to allow UK intelligence organization GCHQ to continue such activities without falling foul of the law…
Living In A Snooper’s Paradise
Mobile telecommunication carriers and internet service providers will be required to keep a year’s worth of records of all transactions and data passing across their systems. Authorities are free to trawl through all this data en masse. This will include everybody’s web searches, websites visited, who (and when) they’re calling, emailing, texting, messaging and networking with; the social media habits; any messageboards and forums they frequent as well as correlating this with other datasets such as NHS records and location data.
The data can be used by intelligence and law enforcement agencies for “fishing expeditions”, as well as by other government bodies such as HM Revenue and Customs and the Department of Work and Pensions.
Although ministerial approval and judicial warrants will be required to access the content of any suspects’ private messages and interactions, it’s unlikely permissions will be hard to obtain. Moreover, given the big data analytics capabilities increasingly at their disposal, agencies will be able to search, correlate and perform analytics on everyone’s data and metadata without recourse to anyone. Information can also be correlated with other datasets such as NHS records, CCTV footage etc. As well as being a clear invasion of people’s privacy, such broad-sweep techniques are bound to throw up many false positives.
Other Western nations are trying to push through similar legislation, including Germany and Canada. In the US, President Trump may well also want to follow suit. Meanwhile, authoritarian regimes such as China are already citing the UK law as justification for extending their own surveillance and censorship capabilities, which are used primarily to suppress political dissidents and prevent the spread of information from sources other than state propagandists.
Is The ‘Terror Threat’ A Smoke Screen?
Proponents of the Snooper’s Charter (and similar legislation elsewhere) argue such powers are necessary to keep the threat of terrorism in check. They contend that we need to give up our privacy in return for greater security and “if you’ve nothing to hide, you’ve nothing to fear”.
But opponents are worried that the government’s refusal to accept proposed amendments that would have introduced more privacy safeguards, and made it clear such powers could only be used to protect national security, leave the door open for far more intrusive and sinister state surveillance. They argue that bulk data collection and analysis is ill-conceived and disproportionate. In December, the European Court of Justice (CJEU) agreed, ruling the Act is unlawful in its current form. The Government is appealing, although once the UK has left the European Union it will no longer be subject to CJEU rulings.
Ironically, the powers are likely to have only a minimal effect when it comes to detecting terrorist threats or serious crimes. In fact, they could leave private citizens and legitimate organizations at far greater risk, since it has been shown people are less likely to search for information on topics such as hacking and encryption for fear of being flagged up as potential criminal suspects. This is likely to leave many in the dark about the threats they face and how best to protect themselves.
It is still perfectly legal to encrypt all your data while in storage and transit, and there has already been a spike in VPN take-up since the Act came into force. Terrorist groups and organized crime will inevitably turn to strong encryption and other anonymizing technologies such as TOR, most of which are perfectly legal (and indeed, need to remain so if legitimate online business is to remain secure). As the inventor of PGP encryption Phil Zimmermann wrote more than 25 years ago: “If privacy is outlawed, only outlaws will have privacy.”
Keep Up The Fight For Privacy
Fortunately, there are a number of steps you can take as an individual or an organization to help the fight against invasive surveillance to ensure your data can’t be trawled by any snoopers:
- Support organizations that are fighting against such proposals. In the UK that includes the Don’t Spy On Us coalition, the Open Rights Group, Liberty and Big Brother Watch. Internationally, the US-based Electronic Frontier Foundation (EFF) has long been the most prominent campaigner for digital rights, while UK-based Privacy International also has a substantial track record of exposing and campaigning against privacy abuses worldwide. Other nations have their own country-specific campaign groups.
- Put continual pressure your representatives in government to oppose further moves that will undermine online privacy and security, or reverse any already in place.
- Support tech industry and open source initiatives to build strong encryption into applications, communications technologies and internet-connected devices by default.
- Use VPNs and encryption to protect your network traffic, communications and data from snoopers.
- Oppose any government efforts that could weaken encryption and internet security for everybody, such as mandating manufacturers and developers build ‘backdoors’ into encryption and communication systems.
- Educate yourself on the technical, social and political issues – and help explain them to others.