Every UK citizen will soon be subjected to the same scrutiny reserved for terrorists and child p-rnographers, with the UK Home Office proposing laws that will force telcos and internet service providers to retain every single byte of communications data of every internet and phone user.
The legislation, known as the Communications Capabilities Development Program, which is expected to be announced in the Queen’s speech next month, will enable the UK’s police and intelligence agencies to siphon every email, phone call and website visited without a warrant or court order.
Using a internet traffic analysis process that is already utilised in Iran, Syria and China, known as “deep packet inspection”, the CCDP would allow the GCHQ to determine which particular kind of internet traffic is using which protocol (e.g. email, internet telephony such as Skype, torrents, etc.). Once collected, intelligence analysts and police will be able to beachcomb to their heart’s content.
The UK Home Office has maintained that no centralised database will be created to store this ocean of data; that only traffic “data”, not “content” will be collected — such as transactional information that includes details of websites visited, access times and which email addresses were used in a communication between individuals.
Considering how detailed such tapestries of online information become, making the distinction between “data” and “content” makes the Home Office look disingenuous at best.
There are already ample avenues for UK law enforcement to intercept communications data, none of which have meaningful oversight. The Regulation of Investigatory Powers Act (RIPA) allows UK agencies to collect data from ISPs with the approval of the Interception of Communications Commissioner, who is appointed by the MI5 — hardly an impartial member of the judiciary.
The EU Data Retention directive, which came into force in 2006, authorises the storage and interception of telco data, including phone calls. For UK police and intelligence agencies, however, neither the RIPO Act nor the Data Retention Directive encompass data emanating from third-party web giants such as Facebook, Google and Twitter, where arguably much of the action is.
Recent news reports from the UK indicated that ranking members of GCHQ lamenting over data traffic such as internet telephony being currently out of reach to Her Majesty’s listening post.
Traffic data is revealing enough to form a comprehensive mosaic of an individual’s life, but communications content remains the hardest shell to crack for GCHQ — especially if citizens are savvy enough to encrypt their emails and access the web from a virtual private network, or anonymisation tools such as Tor.
Such consideration raise pertinent questions: how will all this data be decrypted? Furthermore, how will ISPs be expected to acquiesce, and at what financial cost to the taxpayer and customer?
Clearly, the trend towards surveillance law harmonisation is continuing apace. In the United States, the currently proposed CISPA (Cyber Intelligence Sharing and Protection Act) bill will allow every US internet pipe to flow back to the Pentagon, and will allow private companies and US intelligence to share and compare citizen internet data.
In Australia, the proposed data retention legislation originally drafted by then-attorney general Robert McClelland in 2011, the Cybercrime Legislation Amendment Bill, currently before Senate, does not even make the distinction between traffic data and content of communications when they are intercepted by domestic agencies. Unlike the CCDP, Australia’s data retention bill extends further to allow any Commonwealth agency to order intercepts. To their credit, Australian internet service providers have publicly baulked at the impending burden to be placed on them to enforce such a law.
The common seam running through all such proposed law is the dogged effort to bypass the court system, which often slows down the interception process with warrants. Such attempts at policing the internet ultimately sidestep the probable cause principle, which underpins every legal system in a democratic society.
The reaction to the CCDP proposal in the UK has unsurprisingly been met with strong and creative resistance. More than 136,000 people have already signed a petition imploring David Cameron to drop it. In wry attempt at online activism, a British man has requested UK Home Secretary Theresa May’s internet history via the Freedom of Information Act.
No doubt there will be plenty more debate aired before the CCDP is formally announced from the throne.
*Stella Gray is a journalism student based in Sydney.
Flips switch on anonymizer to on, permanently. It doesn’t make it impossible, but it makes them work harder. Harder means they have to spend more to find out that in fact I’m doing nothing that would interest them.
and the first amendment to the legislation will be to outlaw anonymizer programs and providers – just like in China! Won’t that be a day to celebrate Edward James?
It isn’t actually a program, but a way of configuring a connection. You couldn’t even ban the site because of the way it works. While there are countries that allow it anyone can do it. The trouble will come in the time when “what do you have to hide” comes into play, along with playing the ‘wont someone think of the children’ card. I see the terrorism card is already getting played.