Thursday, July 17, 2014

Do UK govt surveillance laws go far enough?

Last week the UK government announced it was to bring in emergency legislation in order to force Internet and telecommunications companies to keep records related to its customers' use of the Internet and phone.

There were  many sensationalist headlines accusing the government of extending laws on snooping, eroding further people's perceived right to privacy and increasing surveillance powers such that Britain would become a police state.

But with terror threats growing and fanatical Islamist groups taking hold in Iraq, Syria and parts of Africa, the government's measures may not only be necessary, they may not even go far enough.

Terror threat

Even before 9/11 Britain and other countries faced a growing threat of terrorism. And that threat has grown, not least because of the growth in technology. Internet communications and mobile phones have made many people's lives better. But the same technology allows terrorists to disseminate their message in a way they were never able to before. Information about bomb construction can be sent around the world in seconds to would-be terrorists. Messages may be encrypted to avoid detection. VPNs may be used to further evade surveillance, whilst individual extremists may also create temporary email accounts and use mobile phones on an untraceable Pay As You Go 'contract'.

Collecting data

Recent judicial reviews by the EU concerning the data collected by ISPs and telecommunications created a dilemma for UK companies with many unsure as to whether they were still obliged to retain customer data.

The emergency legislation the British Prime Minister announced was, he said, to clarify the law and to prevent any loss of information that could prove useful in fighting the war on terror.

Speaking before a room packed with journalists, PM David Cameron said that the emergency legislation would be brought in to force phone & ISPs to retain and continue to log records of customer calls, texts and Internet use.

He pointed particularly to the growing fears over radicalised Brits returning from Syria and other regions around the world as well as the increasing threat from ISIS in Iraq which threatens to destabilise and radicalise the whole region.

Keeping Britain safe

"Unless we act now ... we will not be able to keep our country safe," the Prime Minister insisted, pointing out that data, currently stored by companies could be deleted before security and intelligence services had managed to analyse it.

However, Cameron said that the surveillance would not be all encompassing. Concerning Internet usage the web addresses would be logged, essentially creating a list of IP addresses visited. As regards phone records only the numbers called or texted would be logged, the content would not.

Further to this a warrant will be required to access that information, Cameron insisted, adding that an annual transparency report would be published related to Britain's surveillance and access to data.

In addition there would be an "oversight board" established to keep privacy in check, the Deputy PM Nick Clegg added, attempting to put aside fears of a growing surveillance state.

Piecemeal approach

But while there were certainly many questions related to an erosion of privacy and a so-called snoopers charter, there were a few journalists who questioned whether the measures went far enough. No one raised the question concerning how the use of VPNs to evade data logging by ISPs might be countered.

A journalist from the Sun newspaper asked the Prime Minister if the powers should go further. Without monitoring content of emails, texts and phone calls was the government at the risk of having "blood on their hands" as they miss a vital opportunity to prevent an attack.

Cameron said further powers were "a matter for future debate". This response was perhaps unsurprising in the wake of the Snowden revelations [BBC / BBC / TelegraphGuardian / Daily Mail / ITV News / Reuters / Reuters / FT]

Government snooping vs protection

Many people in Europe and the US have become suspicious of their government's snooping and surveillance activities.

However, legal or not, much of what the intelligence agencies, be it the NSA or Britain's GCHQ, have been doing is necessary to maintain the status quo, protect government, its people and business interests.

The US and Europe have been tackling Islamic extremists for more than 15 years. And whilst some attacks have slipped past the radar, authorities have managed to break up terror cells and foil terrorist attacks.

Constant Internet surveillance has helped in finding and preventing hacking attacks, perpetrated by individuals, terror groups and nation states. Indeed, while the threat from terrorist groups is substantial, economic threats from other countries can be just as destabilising [Forbes].

The China syndrome

Whilst not the only country engaged in industrial espionage, China poses a serious threat to both western governments and manufacturing companies.

As the British government announced new measures to combat terrorism, it also pledged a £1.1 billion increase in military spending focused particularly on the ongoing cyber threat [Sky News / Telegraph]. Most media reports talked of the threat of cyberterrorism, but it is clear that nation states are also in the frame.

Days before the UK government's spending pledge, the US talked of a concerted hacking attack by the Chinese who broke into a US government network in an attempt to gain personal information on thousands of employees [BBC / ABC].

This came a few months after the FBI indicted five Chinese army officers with hacking into private-sector American companies in a bid for competitive advantage. Both countries have long accused each other of cyberespionage. However, whilst the US acknowledges that it conducts espionage it says it does not pass on what it finds to its own companies.

China is accused of deliberately stealing industrial secrets in order to gain competitive advantage. In fact there are even some clear example where such activity has even brought down companies.

Many people will likely not have heard of Nortel, a Canadian firm that was once a market leader in the telecommunications industry [WSJ / The Register / CBC /

Nortel went bust by 2009 after years of hacking which was traced to China. And since then GCHQ officials have revealed that they know who is doing the hacking, but have refused to reveal the details publicly [CNET / Sophos / Financial Post / Washington Post / CBC].

Cyberthreats

In a series of programmes broadcast by the BBC in 2013 Gordon Corera investigated the ongoing and perhaps the greatest threats to national security. The programmes showed that hostile nation states were conducting a war over the Internet, while Western companies face the wholesale plundering of their economic life-blood [Under Attack : The Threat From Cyberspace].

While North Korea and Iran are both thought to have launched attacks, the US too has also been accused of releasing the Stuxnet virus into the wild in an attempt to bring down Iran's nuclear facilities.

But the biggest player is strongly believed to be China. "Britain is under attack," Britain's then Foreign Secretary William Hague said. "Most countries are under attack and certainly many industries and businesses are under attack." Of course he and others in Britain's intelligence community refuse to point the finger, tough many quietly say they 'know' who is responsible.

The US are more vocal and this year's Annual Report to Congress concerning the Military and Security Developments Involving the People's Republic of China did not pull any punches regards the threat from China.

David Cameron's talk of a need to tackle organised crime, child abuse and terrorism is laudable. But the threat from nation states could be much greater. The measures announced by the government are necessary, but to tackle such threats Britain arguably needs to go much further. The price is that our 'right to privacy' - if ever there was truly such a right - is dispensed along with it.

The Deputy PM Nick Clegg said the government valued people's concerns about freedom. "Liberty and security must go hand in hand," he said. But he said there was "an urgent challenge" to deal with an ever growing threat. That assessment, at least is not wrong.

tvnewswatch, London, UK

No comments: