Technology may be changing, but should be moving further away from the basic principles of a democratic society as a result?
On the one hand, it’s argued this is an essential tool needed to protect national security. So surely the Government should have moved to ensure it is in place before the Olympics?
On the other hand, today it has been presented as a tweak to existing laws, updating them to reflect modern communications. Strange then that a technical legislative revision is being given prime billing in the Queen’s speech.
The Home Secretary and her ministers have been invisible, either incapable or unwilling to defend a policy that has caused concern and dismay from ordinary members of the public and civil liberties campaigners alike.
Many will be surprised that a Government supposedly committed to protecting civil liberties is discussing policies it branded as unacceptable when Labour were in power. Unfortunately, this is the latest such area of policy where the Home Office is presiding over such a U-Turn, following broken promises over the DNA Database and the powers officials have to enter our homes.
Indeed, we still do not know the full detail of the proposals, forced to rely on snippets leaked to newspapers or briefed out by concerned civil servants. While the Government believes if we have nothing to hide, we have nothing to fear, it seems that does not apply to their own policies. What we do know is that not only does this involve more data being retained, but ‘black boxes’ run by the security services being installed onto networks. Given that Google last year refused 37% of the applications made to it for user data, how will any check or balance operate when we have allowed the spooks to build a back-door into our communications networks.
The plans also carry an economic cost. The cost to businesses of storing vast quantities of data is not insignificant, while start-up companies may regard the burden as simply too great to bear, taking their innovation and jobs elsewhere.
Equally, service providers will be hit with new costs at a time when they are also being asked to invest in new, high-speed fibre optic and under this scheme, the greater the volume of data they carry, the greater the cost to their business. Investment, innovation and growth will all suffer.
Finally, it is far from clear that the policy will actually improve public safety, with serious threats driven underground and technical evasion becoming common place. Given the importance of encryption and private networks to ensuring data protection, it is unclear how this policy with deal with legitimate and necessary – and legal – measures to protect the privacy of communications.
While it is important to keep pace with internet connections arguably the most pressing issue for our security is the continued availability of unregistered, pre-pay mobile phones. As recognised in the 7/7 Inquest, increased surveillance does not automatically yield better results, and the way these ‘operational’ phones were used was found to render enhanced surveillance of little use in preventing the attack.
There is also the potential of a ‘honey pot’ effect, with foreign governments and malicious individuals focusing their energy on gaining sight of the data collected. Privacy and security do indeed go hand in hand.
Britain is already one of the most spied on countries off-line and this is a shameful attempt to watch everything we do online in the same way. The vast quantities of data that would be collected would arguably make it harder for the security services to find threats before a crime is committed, and involve a wholesale invasion of all our privacy online that is hugely disproportionate and wholly unnecessary.
Freedom of speech and association requires the ability to communicate in private. Logging who you are talking to, when, for how long and where is the kind of monitoring that chills freedoms, not defends them.
In a democratic society, it is not for innocent civilians to justify why the Government should not spy on them.
With a perfect storm of security, child protection and sexualisation and copyright enforcement we may be sleepwalking into the end of freedom online as we know it.
Deep Packet Inspection (DPI) may sound like something you definitely don’t want to hear your GP say, but the reality is arguably far worse.
The legal action against file sharing site Newzbin2 was the first large-scale legal action of its kind, and resulted in a legal order mandating BT to block its customers from accessing the site.
There are various ways of achieving this, from simply blocking the web address to more complex technical methods. But the question of key concern is whether BT should be able to inspect everything you see and do online to ensure that you’re not looking at a website.
In other words, is the price for copyright enforcement our privacy?
According to the Honourable Mr Justice Arnold, BT not only should be able to see every detail of what we do online, but the court expects it to look.
In section 6 of his ruling of the 26 October, Arnold says BT’s Cleanfeed technology should be used to stop users accessing the site, believing Cleanfeed involves “a two-stage system of IP address re-routing and DPI-based URL blocking.”
In human-speak, this means looking at the digital address of the website you want to look at, not just the www name, but also that BT should look at the individual ‘packets’ of data your PC transmits to make absolutely sure you’re not looking at that website. To use a well-worn analogy, it’s like the Royal Mail opening every letter you write to check one of them doesn’t include a copied CD.
Let’s be clear, there is no law, and this court order does not make it illegal, to view the contents of Newzbin2. Cleanfeed was developed to block images and sites connected to child abuse, and it’s suitability for this kind of enforcement is far from clear.
It’s also unlawful in the UK for a private company to intercept communications without the prior consent of both the sender and recipient. So, it would appear a UK judge has just ordered BT to break the criminal law, in the name of copyright enforcement – which remains a civil matter.
This kind of uncertainty and contradiction is not new; it has been at the heart of policy formulation in the UK for several years, and is evident in the hand-wringing around the Digital Economy Act and its enforcement.
However, this ruling does have a wider impact - it brings into question the way in which individual privacy is protected online and the regard with which it is held.
It should not be forgotten that no UK regulator took action against BT when it used deep packet inspection as part of its advertising business development. The UK’s attitude to privacy online has been one of a badly blurred human right, a data protection regime created before Google existed and mismatched legislation that authorises investigations into suspected terrorists.
There is little discussion of how online privacy can be protected, with most of the debate focused on whether privacy comes at too great a cost to society. This cannot be a healthy situation for a society that is democratic.
As the legal question of protecting intellectual property and enforcing the criminal law becomes blurred with the moral questions posed by the likes of Claire Perry, the future of British access – private access – to a free internet becomes ever less certain.
This week, the great and the good of the internet world gathered in London to discuss the impending doom that an explosion in cybercrime entails.
Yet perhaps the greatest threat lies from within, and with a perfect storm of security, child protection and sexualisation and copyright enforcement we may be sleepwalking into the end of freedom online as we know it.
First posted on the Commentator.
Slowly, we are waking up to the enormous risk to personal privacy posed by the misuse of personal information.
Big Brother Watch’s report into the data protection breaches in the NHS highlighted a number of harrowing individual cases. However, the wider cultural question is the one which should be of greatest concern.
In an age when ever more personal information is collected as a matter of routine by both the public and private sector, how that information is held and protected is of critical importance. When that information is of the kind of sensitive details found in medical records, lax attitudes towards confidentiality and privacy are unacceptable.
Despite the much publicised decision to scrap the last Government’s NHS IT boondoggle, one element was quietly retained – the Summary Care Record.
As highlighted by our report ‘Broken Records’, this system will allow more than 100,000 non-medical staff access to patient information, with no requirement or check that they have any need to see the contents of a record.
There are clear steps that can be taken. Proper audit trails of who accesses records – assigned to individuals, not terminals – will add accountability, and much more robust training about the importance of privacy.
This kind of measures will help develop a more rigorous and respectful culture around personal information. Equally important is the work being done by a range of groups to highlight the incidents that would otherwise go unreported and to keep up the pressure for more attention to be paid to the problem.
Furthermore, there are two fundamental changes that are of a more serious nature. Firstly, infringing the privacy of someone – be they a patient, customer or marketing database entry – should be treated far more seriously. Verbal warnings and counselling appear frequently in the research we conduct, and only in a small proportion is employment terminated.
Secondly, the penalties under the Data Protection Act are clearly inadequate. The corporate penalty is of insignificance to the large organisations that hold the most information, while individuals are likely to escape with a small fine.
There is also a broader question that should be asked much more frequently – how much information is needed to provide the service in the first place? Big Brother Watch will be talking much more in future about the tendency of organisations in both the public and private sector to harvest as much information as possible. Simply, the greater the volume of information held, the greater the risk to our privacy.
There is one final, legislative step that requires urgent attention. The Justice Select Committee was the latest body to call for prison sentences to be available to judges presiding over cases involving breaches of the Data Protection Act, a move Big Brother Watch had previously said is much needed along with the Information Commissioner.
This power has already been legislated; however it remains to be enacted.
If the Coalition is serious about civil liberties and protecting privacy, delaying further on giving courts the tools to protect our personal information is unforgivable.
Today, David Cameron had this to say to Parliament on the role of technology in the recent riots:
“Mr Speaker, everyone watching these horrific actions will be stuck by how they were organised via social media. Free flow of information can be used for good. But it can also be used for ill. And when people are using social media for violence we need to stop them.
“So we are working with the Police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality. I have also asked the police if they need any other new powers.”
It is a sad indictment of how poorly technology is understood in Government that this even made it into the statement. Aside from the fact that Blackberry Messenger is not a social network, the Whitehall response of blaming social media and BBM for the riots is only made worse by their proposed solution - let us see everything, or shut it down.
It’s a further sign of how inadequate the police’s intelligence gathering remains when so much of the discussion between those involved in the disorder took place in public forums.
To shut down social networking would require both shutting down the internet and mobile phone comms. Whether that is even possible, and ignoring the enormous economic impact it would have, the fact it is being considered should send a chill wind through the whole country.
Civil unrest - and indeed wars between nations - began, and were organised, long before modern technology. Technology facilitates faster action, but the underlying issues remain the same.
William Hague’s interview with Andrew Marr during the uprisings in Egypt offer an alternative viewpoint, which was clearly illustrated in a subsequent statement.
“The abuse of internet and mobile networks and, in particular, today’s increased intimidation and harassment of journalists, are unacceptable and disturbing.”
Quite.
The disclosure that the Government is actively discussing web-blocking will come as no surprise to many following the debate – but the fact that the confirmation had to be secured through an FOI request should be of real concern.
The inclusion of the Digital Economy Act in the wash up dramatically curtailed public debate around the significant powers contained within it. Whatever your views on the copyright and civil liberties issues involved, it was an affront to the democratic process for such a piece of legislation to be rushed through far from the glare of public scrutiny. Furthermore, the resulting legislation suffered massively from a lack of input and debate, in an area of policy that is absolutely central to Britain’s future as a digital knowledge economy.
It should be deeply troubling that the web blocking – and associated issues of net neutrality – are being pursued in a similar fashion. It appears that the rights holders group (which includes the BPI, UK Music, the Publishers’ Association and the Premier League; plus Google, Yahoo! BT, Virgin and TalkTalk) is already setting the narrative for the debate, with minimal input from outside groups.
There are a myriad of technical issues, civil liberties questions and economic development concerns associated with web blocking and the state taking on a role of internet censorship, many of which will be discussed on this blog in future.
However, the pressing challenge is simply to open up the debate on web blocking before it is too late and vested interests once again prevail.
The UK Government is currently considering the possibility of a UK-wide firewall, which (simply put) would give the Government the ability to block access to websites from the UK.
The argument has mainly been made around file-sharing sites, and to a lesser extent child pornography, and of course the Government insists that it would never be used for political reasons.
Yet the example of the Arab Spring and the subsequent activities of Governments in shutting down social networking sites (or more disturbingly, setting up spoof sites to entrap potential trouble makers) should not be forgotten.
It is entirely possible that as part of the super-injunction/privacy debate that website blocking could potentially be on the cards - neatly demonstrated by the High Court judge who warned “the internet is out of control.”
The internet is beyond the reach of Governments. So the natural response of Governments is to seek to bring it back under their control. The first step is to block sites sharing illegal music. That path leads to not being able to read about Tienanmen Square or organise demonstrations - it is not one that a civil society should permit.
However, there is a further option - for social networks to become ISPs.
The power of a shared satellite network, providing internet access to users without reliance on physical cable under the control of Governments, would have the potential to topple the Great Firewall of China, free protestors to organise demonstrations and globalise free speech beyond the reach of overactive judiciaries.
Eventually, universal internet access will be a humanitarian cause. What it needs is someone to take the first step, and aim for the stars.
Back in October, I attended an event in Doncaster discussing the impact of benefit cuts with the local community.
Unsurprisingly, one of the first questions asked was ‘which benefit would you cut first?’ After debate focused on things like the winter fuel allowance going to expats, or child benefit for the Beckhams, I suggested an alternative - abolishing National Insurance, in its entirety.
This surprised some people, but after about an hour of discussion one of the emerging themes was the complexity of the benefits system, and how it both took money away from the front line and penalised those who were less savvy with their paperwork - not to mention those who didn’t get the benefits they recieved because they were unable to navigate through the various forms. When I returned to my origional point, the idea didn’t seem quite so radical.
When NI was first established, it’s purpose was clear - a contributory system of insurance against illness and unemployment. In subsequent years it would be diluted to cover pensions and then contribute to the costs of the welfare state at large. Now, it is essentially a way for Governments to increase the tax take without increasing income tax, for that is a political line no politician ever wants to cross. (Albeit explicitly, as Gordon Brown’s 10p/20p swindle demonstrated.)
As someone who has both a PAYE tax code and submits a self assessment, I’ve been on the recieveing end of NI paperwork madness, being told almost simultaneously I wasnt paying enough and was paying too much.
Aboloshing NI would simplify the process for businesses, make the true level of taxation more transparent and put back on the political landscape the question of taxes and spending. It will of course mean other taxes are increased - probably both income tax and corporation tax, which does raise competitiveness questions - but those issues already exist when the cost of PAYE and NI are combined, something businesses of all sizes all too aware of.
Equally, it would give a once in a generation opportunity to - in theory - not just reduce but transform the tax system back office, delivering real savings without hitting frontline services.
However, there is an interesting question here - namely, whether doing this could scupper the government’s welfare agenda.
The NPS [National Insurance and PAYE Service] is one of the key components of implementing Universal Credits, and as I’ve previously warned if this technology link breaks down, there could be a high price to pay. The live-flow of data on earnings is essential for the DWP’s system to work, something that has been worrying many who have watched HMRC’s recent IT efforts with Accenture and Capgemini under the multi-billion ‘Aspire’ project.
There has been much positive discussion about improving Government IT, particularly at a pan-Governmenal level. It will be interesting to see amid all the excitement of aboloshing NI, anyone has looked at the impact it would have on existing government systems and the wider Coalition agenda already underway.
David Cameron caused a stir in Whitehall with his ‘enemies of enterprise’ line, with GOD (Gus o’Donnell) reportedly intervening on behalf of the mandarin class.
The thing is - I think Cameron was right. And I’d go further - it’s not just enterprise, I’d suggest the coalition needs to take on the enemies of innovation. And that absolutely includes swathes of whitehall mandarins and managers.
Yesterday the public administration select committee heard from a variety of industry figures about how the way government procures and uses technology could be improved.
The comittee heard some very clear messages - existing large suppliers had become oligarghs, innovation was designed out by lead contractors once the bid was won and it seemed outsourcing providers were incapable of failing badly enough to warrant legal action or heaven forbid not being given any more work.
Bluntly, Government was a gullible and badly informed customer who failed to take any meaningful action when things did go wrong.
Sadly, it seems the IT industry body Intellect has surrendered its role as a representative body of the whole industry, in favour of defending and apologising for the large system integrators who bare a large degree of responsibility for the mess Govt IT is in, however also happen to be a very lucrative revenue stream for Intellect.
But why is innovation such a difficult task for Government? As I have argued in the past, in my view there are simply too many vested interests involved who stand to loose badly if a radical approach was taken.
In the back office, unions and civil servants cling to the status quo to protect their empire - headcount is still king for many. The pain of redundancy (and in some cases up-front cost) means staff are shifted sideways or left in defunct roles, meaning savings are not realised despite investment in technology or process improvment.
In the front office, continued state monopolies mean all the levers of social progress remain in the hands of civil servants and managers, while also allowing politically-motivated action that may not serve the public well in the long run. Equally, this blocks innovation from the private sector, voluntary and charitable organisations which could add huge value to public services.
And indeed, many suppliers - particularly those on long-term maintenance and support contracts - see any change, innovation or performance review as a significant risk to their revenue streams, and act accordingly.
So how can these interests be overcome? The public sector is particularly risk adverse, and this in itself is no bad thing. But equally, it also seems there is little willingness to find ways of experimenting and testing new ideas.
Where systems and processes have been outsourced, the state is increasingly - and sometimes entirely - dependent on the outsourcing provider for insight and expertise. Put another way, when things go wrong or policy changes, the suppliers have the state over a very pricey barrel. Government needs the skills to hold suppliers to account and procure what it really needs, not what it thinks it needs.
The key question remains where are incentives to innovate, and to drive suppliers to design-in innovation? For who in the public sector is it in their best interest to find ways of transforming the way services are delivered? And not just at a pan-government level, these people need to be embedded in departments, dealing with the day-to-day processes that have remained in place for decades.
Furthermore, the political class needs to be far more vocal in holding Whitehall to account, not only when things go wrong but also when new ideas are watered down or parked.
For the Coalition, the prize is a leaner, more efficient public sector that can indeed deliver more for less. The public are not concerned with process, it is outcomes that matter. If the outcome can be improved upon - and in the longer term taxes reduced as the defecit is dealt with - that will be rewarded with many years in Government.
So, Mr Cameron, the challenge is clear - overcome the enemies of enterprise, defeat the enemies of innovation and deliver the transformation in economic activity and public services that Britain so badly needs.
This weekend at Conservative Spring Forum I heard several mentions of Nottingham Council,who have refused to publish their spending over £500. Web-enabled transparency is something politicians on all sides (myself included) have highlighted as a way of overcoming the lingering suspicion of politicians following the expenses scandal, as well as engaging the public in the challenges of dealing with the deficit.
One example of the power of the internet and transparency being combined was the Treasury’s ‘Spending Challenge’ webite before the spending review, engaging the public in the budget making process and generating more than 100,000 ideas.
Following this lead, Kirklees council set up it’s “Your Voice” website to crowd source ideas prior to the budget being passed by council. A very welcome step. Sadly it seems, the reality of the councils’ approach to web communication and transparency doesn’t seem to have reached all areas of the organisation.
On Wednesday 23rd February, the Labour-run Kirklees Council voted to approve the council’s new budget.You can read the council’s own press release, or local press coverage.
Sadly, you still can’t read the budget itself though. Head to the council website budget page and you’ll find 2010’s figures. I emailed the council on March 1st and, six days later, was told that the budget was not available online - but it was available in soft copy at six libraries across the district. Furthermore, the official told me “I have been informed that at this moment these particular budget documents are not going to be available on the intranet.”
The cost of putting these paper copies in libraries far exceeds the cost of putting PDFs online - not least given the effort put in to the pre-budget digital engagement. Seeking the public’s input is laudable before the budget is set, but a cynic might suggest that to deny the public the detail of council spending decisions is a far more concerted way to undermine ongoing civic and democratic engagement.
in this day an age, it is ridiculous for such crucial documents of public record and interest not to be available online almost immediately.
It looks very much like Kirklees Council want to have their cake and eat it - criticising the Government’s reduced funding without wanting to tell anyone how much money it spends on publicity, hospitality and back office costs. In other words, exactly the things it should be cutting before a penny is taken away for the front line. Sadly the political point-scoring by Labour councillors clearly comes before protecting front-line services and their commitment to transparency.
Perhaps it is time for the Freedom of Information Act to be extended to include a legal mandate on publication online?
The past few days have seen much fanfare with the unveiling of US Diplomatic Cables by WikiLeaks. While they have certainly caused much embarrassment, as yet I’ve not seen any particularly revealing content, or indeed anything that would threaten the life of a source.
While I would suggest this is because those media organisations involved have performed a degree of pre-publication redaction, which is to be welcomed, I would certainly vehemently disagree with those who see WikiLeaks as perpetrators of a crime or - as one particularly bonkers American politician did - that WikiLeaks should be classified as a terrorist organisation. Nothing disclosed is untrue, which is more than can be said of many ‘official’ sources. (Imagine what would have happened if the day of the Parliamentary vote on war in Iraq, Wikileaks had released the real sources which had been spun and massaged by messrs Blair and Campbell.)
The debate takes on a particularly interesting angle when seen in the context of UK Internet body Nominet (they control the .uk domains) announcing it is to seek, at the request of the Serious and Organised Crime Agency, powers to shut down UK websites.
It should be noted, this does not include any need to seek the approval of a court.
When WikiLeaks released a video of an Apache gunship shooting dead innocent civilians - and two international journalists - they performed an absolute public service. A cover-up was exposed, and justice done.
Are we to trust the same people who deplored that release with deciding what should, and should not, be allowed to be online?
Fortunately, the same globalisation that means we can enjoy cheaper clothes and food, do business around the world and travel to far flung places for exotic holidays is exactly the same globalisation that means information is no longer containable. The two are mutually dependent - the flow of knowledge the life blood of a modern economy.
Simply, the internet is beyond the control of any Governments, without a total and unyielding control of all internet traffic. I hope that would never be allowed in Britain.
Sadly, Nominet’s proposals highlight a worrying naivety of cyber policy. It echoes the ignorance that drove the Digital Economy Act’s disconnection powers through the commons without proper debate.
I hope this proposal will be greeted with the disdain it deserves. If controlling the UK web ‘brand’ is so important, it should at a minimum be done with judicial oversight.
Personally, I think we could do far more good looking at what already goes on beyond the immediate vision of regulators and focus on supporting the real front line, fought in distant corners of the globe and anonymous cyber cafes.