First published in the Independent on Sunday.
The security company in the headlines this weekend may be G4S, but the wider question of whether the military-security establishment has sought to benefit from exploiting the public’s fears about their safety has been brushed under the carpet by politicians who have been equally culpable of the same manipulation.
After 9/11, New Labour subjected the public to regular warnings that an attack was imminent and that we had to trust the Government to make decisions about how our liberty should be protected.
Every decision, every argument, was framed in the context of national security and terror. Ian Huntley and Osama bin Laden became poster boys for a generation of operatives who saw fear as their most successful lobbying tool. Those who opposed increasingly authoritarian policies – from 90-day detention to ID cards – were caricatured as appeasers, not to be trusted or taken seriously.
The invasion of Iraq was pursued on the pretext of protecting British and American national security. Weapons of mass destruction, capable of being launched in 45 minutes, may have turned out to be a work of fiction, but the political advantages and commercial benefits enjoyed by those involved were all too real.
The Blair government may be long gone, but read Home Office press releases and you’d struggle to tell the difference. Even the modest proposal to require local authority officials to seek a court warrant before they enter your home – as contained in the Conservative manifesto – was casually punted into the long grass by way of a two-year review.
From the watering down of proposals to destroy innocent people’s DNA held by the police to the devolution of police powers to civilians, including private security contractors, the impression given is that it is officials schooled by New Labour, not ministers, who are making decisions about which liberties are expendable.
Where does this demand for security come from? Why is it that the people offering services to protect the public are often lobbying publicly and privately about the need for greater investment in security infrastructure. The security industry has managed to co-opt the political class as both their main proponent and their biggest customer.
Fear breeds invention, as the saying goes. And the security industry has been busy inventing – and selling. Walk round any security conference and you’ll be greeted by the kind of glitzy marketing and promotion you might expect at a Formula One event. If marketing is about finding potential customers and then creating demand for your product, the security industry is rapidly becoming a textbook example of how to get rich quick without ever having to test your assumptions.
Since 9/11 an entire industry has sprung up offering services for screening passengers; thousands of body scanners have been installed worldwide; and governments have called for more security staff on planes. These vested interests are not only a commercial force. Civil servants are more than ever using the fear of terrorism and the need to “secure” our borders/children/property/energy to further their own interests.
When David Davis MP coined the term “securocrat”, he illustrated the ability of Sir Humphrey in Yes Minister to hide empire-building behind warnings of the sky falling in. Present events neatly demonstrate how effective this can be. At a time of swingeing government spending cuts, the Home Office has secured £1.8bn for its Communications Capabilities Directorate, the 120-strong team responsible for the draft Communications Data Bill.
Those expecting to know how this money will be spent will be disappointed. Question accountability, feasibility or budgets and you will be told all is in hand, as we once were with the NHS IT project, countless Ministry of Defence sagas and the cost of the Olympics. The Communications Capabilities Development Programme is set to become the first democratic government policy to force communications providers to monitor their customers, and also the first government IT project to come in on budget and work exactly as planned.
Yes, we need to be vigilant, but if we pursue policies that inhibit civil liberties in the short term, we put at risk the same freedoms we are seeking to defend. Not only have we created a climate of fear, we have allowed those with a vested interest to control the debate. Now is the time to challenge those who seek to profit from fear.
Hysterical arguments about paedophiles and terrorists demean both the public and the institutions we trust to keep us safe. Defending the realm means defending the values that have made this country not just a prosperous one but a beacon of liberty that has, and must, shine brightly.
The achievements of the future will not be made possible by more sacrifices of freedoms, but by a willingness to act proportionately in the face of risk. Freedom is never more than a generation away from extinction, Ronald Reagan once said. Let us not be the generation that fails to speak up.
Technology may be changing, but should be moving further away from the basic principles of a democratic society as a result?
On the one hand, it’s argued this is an essential tool needed to protect national security. So surely the Government should have moved to ensure it is in place before the Olympics?
On the other hand, today it has been presented as a tweak to existing laws, updating them to reflect modern communications. Strange then that a technical legislative revision is being given prime billing in the Queen’s speech.
The Home Secretary and her ministers have been invisible, either incapable or unwilling to defend a policy that has caused concern and dismay from ordinary members of the public and civil liberties campaigners alike.
Many will be surprised that a Government supposedly committed to protecting civil liberties is discussing policies it branded as unacceptable when Labour were in power. Unfortunately, this is the latest such area of policy where the Home Office is presiding over such a U-Turn, following broken promises over the DNA Database and the powers officials have to enter our homes.
Indeed, we still do not know the full detail of the proposals, forced to rely on snippets leaked to newspapers or briefed out by concerned civil servants. While the Government believes if we have nothing to hide, we have nothing to fear, it seems that does not apply to their own policies. What we do know is that not only does this involve more data being retained, but ‘black boxes’ run by the security services being installed onto networks. Given that Google last year refused 37% of the applications made to it for user data, how will any check or balance operate when we have allowed the spooks to build a back-door into our communications networks.
The plans also carry an economic cost. The cost to businesses of storing vast quantities of data is not insignificant, while start-up companies may regard the burden as simply too great to bear, taking their innovation and jobs elsewhere.
Equally, service providers will be hit with new costs at a time when they are also being asked to invest in new, high-speed fibre optic and under this scheme, the greater the volume of data they carry, the greater the cost to their business. Investment, innovation and growth will all suffer.
Finally, it is far from clear that the policy will actually improve public safety, with serious threats driven underground and technical evasion becoming common place. Given the importance of encryption and private networks to ensuring data protection, it is unclear how this policy with deal with legitimate and necessary – and legal – measures to protect the privacy of communications.
While it is important to keep pace with internet connections arguably the most pressing issue for our security is the continued availability of unregistered, pre-pay mobile phones. As recognised in the 7/7 Inquest, increased surveillance does not automatically yield better results, and the way these ‘operational’ phones were used was found to render enhanced surveillance of little use in preventing the attack.
There is also the potential of a ‘honey pot’ effect, with foreign governments and malicious individuals focusing their energy on gaining sight of the data collected. Privacy and security do indeed go hand in hand.
Britain is already one of the most spied on countries off-line and this is a shameful attempt to watch everything we do online in the same way. The vast quantities of data that would be collected would arguably make it harder for the security services to find threats before a crime is committed, and involve a wholesale invasion of all our privacy online that is hugely disproportionate and wholly unnecessary.
Freedom of speech and association requires the ability to communicate in private. Logging who you are talking to, when, for how long and where is the kind of monitoring that chills freedoms, not defends them.
In a democratic society, it is not for innocent civilians to justify why the Government should not spy on them.
With a perfect storm of security, child protection and sexualisation and copyright enforcement we may be sleepwalking into the end of freedom online as we know it.
Deep Packet Inspection (DPI) may sound like something you definitely don’t want to hear your GP say, but the reality is arguably far worse.
The legal action against file sharing site Newzbin2 was the first large-scale legal action of its kind, and resulted in a legal order mandating BT to block its customers from accessing the site.
There are various ways of achieving this, from simply blocking the web address to more complex technical methods. But the question of key concern is whether BT should be able to inspect everything you see and do online to ensure that you’re not looking at a website.
In other words, is the price for copyright enforcement our privacy?
According to the Honourable Mr Justice Arnold, BT not only should be able to see every detail of what we do online, but the court expects it to look.
In section 6 of his ruling of the 26 October, Arnold says BT’s Cleanfeed technology should be used to stop users accessing the site, believing Cleanfeed involves “a two-stage system of IP address re-routing and DPI-based URL blocking.”
In human-speak, this means looking at the digital address of the website you want to look at, not just the www name, but also that BT should look at the individual ‘packets’ of data your PC transmits to make absolutely sure you’re not looking at that website. To use a well-worn analogy, it’s like the Royal Mail opening every letter you write to check one of them doesn’t include a copied CD.
Let’s be clear, there is no law, and this court order does not make it illegal, to view the contents of Newzbin2. Cleanfeed was developed to block images and sites connected to child abuse, and it’s suitability for this kind of enforcement is far from clear.
It’s also unlawful in the UK for a private company to intercept communications without the prior consent of both the sender and recipient. So, it would appear a UK judge has just ordered BT to break the criminal law, in the name of copyright enforcement – which remains a civil matter.
This kind of uncertainty and contradiction is not new; it has been at the heart of policy formulation in the UK for several years, and is evident in the hand-wringing around the Digital Economy Act and its enforcement.
However, this ruling does have a wider impact - it brings into question the way in which individual privacy is protected online and the regard with which it is held.
It should not be forgotten that no UK regulator took action against BT when it used deep packet inspection as part of its advertising business development. The UK’s attitude to privacy online has been one of a badly blurred human right, a data protection regime created before Google existed and mismatched legislation that authorises investigations into suspected terrorists.
There is little discussion of how online privacy can be protected, with most of the debate focused on whether privacy comes at too great a cost to society. This cannot be a healthy situation for a society that is democratic.
As the legal question of protecting intellectual property and enforcing the criminal law becomes blurred with the moral questions posed by the likes of Claire Perry, the future of British access – private access – to a free internet becomes ever less certain.
This week, the great and the good of the internet world gathered in London to discuss the impending doom that an explosion in cybercrime entails.
Yet perhaps the greatest threat lies from within, and with a perfect storm of security, child protection and sexualisation and copyright enforcement we may be sleepwalking into the end of freedom online as we know it.
First posted on the Commentator.
Slowly, we are waking up to the enormous risk to personal privacy posed by the misuse of personal information.
Big Brother Watch’s report into the data protection breaches in the NHS highlighted a number of harrowing individual cases. However, the wider cultural question is the one which should be of greatest concern.
In an age when ever more personal information is collected as a matter of routine by both the public and private sector, how that information is held and protected is of critical importance. When that information is of the kind of sensitive details found in medical records, lax attitudes towards confidentiality and privacy are unacceptable.
Despite the much publicised decision to scrap the last Government’s NHS IT boondoggle, one element was quietly retained – the Summary Care Record.
As highlighted by our report ‘Broken Records’, this system will allow more than 100,000 non-medical staff access to patient information, with no requirement or check that they have any need to see the contents of a record.
There are clear steps that can be taken. Proper audit trails of who accesses records – assigned to individuals, not terminals – will add accountability, and much more robust training about the importance of privacy.
This kind of measures will help develop a more rigorous and respectful culture around personal information. Equally important is the work being done by a range of groups to highlight the incidents that would otherwise go unreported and to keep up the pressure for more attention to be paid to the problem.
Furthermore, there are two fundamental changes that are of a more serious nature. Firstly, infringing the privacy of someone – be they a patient, customer or marketing database entry – should be treated far more seriously. Verbal warnings and counselling appear frequently in the research we conduct, and only in a small proportion is employment terminated.
Secondly, the penalties under the Data Protection Act are clearly inadequate. The corporate penalty is of insignificance to the large organisations that hold the most information, while individuals are likely to escape with a small fine.
There is also a broader question that should be asked much more frequently – how much information is needed to provide the service in the first place? Big Brother Watch will be talking much more in future about the tendency of organisations in both the public and private sector to harvest as much information as possible. Simply, the greater the volume of information held, the greater the risk to our privacy.
There is one final, legislative step that requires urgent attention. The Justice Select Committee was the latest body to call for prison sentences to be available to judges presiding over cases involving breaches of the Data Protection Act, a move Big Brother Watch had previously said is much needed along with the Information Commissioner.
This power has already been legislated; however it remains to be enacted.
If the Coalition is serious about civil liberties and protecting privacy, delaying further on giving courts the tools to protect our personal information is unforgivable.
Deep Packet Inspection (DPI) may sound like something you definitely don’t want to hear your GP say, but the reality is arguably far worse.
The legal action against file sharing site Newzbin2 was the first large-scale legal action of its kind, and resulted in a legal order mandating BT to block its customers from accessing the site.
There are various ways of achieving this, from simply blocking the web address to more complex technical methods. But the question of key concern is whether BT should be able to inspect everything you see and do online to ensure that you’re not looking at a website.
In other words, is the price for copyright enforcement our privacy?
According to the Honourable Mr Justice Arnold, BT not only should be able to see every detail of what we do online, but the court expects it to look.
In section 6 of his ruling of the 26 October, Arnold says BT’s Cleanfeed technology should be used to stop users accessing the site, believing Cleanfeed involves “a two-stage system of IP address re-routing and DPI-based URL blocking.”
In human-speak, this means looking at the digital address of the website you want to look at, not just the www name, but also that BT should look at the individual ‘packets’ of data your PC transmits to make absolutely sure you’re not looking at that website. To use a well-worn analogy, it’s like the Royal Mail opening every letter you write to check one of them doesn’t include a copied CD.
Let’s be clear, there is no law, and this court order does not make it illegal, to view the contents of Newzbin2. Cleanfeed was developed to block images and sites connected to child abuse, and it’s suitability for this kind of enforcement is far from clear.
It’s also unlawful in the UK for a private company to intercept communications without the prior consent of both the sender and recipient. So, it would appear a UK judge has just ordered BT to break the criminal law, in the name of copyright enforcement – which remains a civil matter.
This kind of uncertainty and contradiction is not new; it has been at the heart of policy formulation in the UK for several years, and is evident in the hand-wringing around the Digital Economy Act and its enforcement.
However, this ruling does have a wider impact - it brings into question the way in which individual privacy is protected online and the regard with which it is held.
It should not be forgotten that no UK regulator took action against BT when it used deep packet inspection as part of its advertising business development. The UK’s attitude to privacy online has been one of a badly blurred human right, a data protection regime created before Google existed and mismatched legislation that authorises investigations into suspected terrorists.
There is little discussion of how online privacy can be protected, with most of the debate focused on whether privacy comes at too great a cost to society. This cannot be a healthy situation for a society that is democratic.
As the legal question of protecting intellectual property and enforcing the criminal law becomes blurred with the moral questions posed by the likes of Claire Perry, the future of British access – private access – to a free internet becomes ever less certain.
This week, the great and the good of the internet world gathered in London to discuss the impending doom that an explosion in cybercrime entails.
Yet perhaps the greatest threat lies from within, and with a perfect storm of security, child protection and sexualisation and copyright enforcement we may be sleepwalking into the end of freedom online as we know it.