What is the difference between Google, Facebook and Fixed and Mobile Operators monitoring traffic to "improve" their services to paying customers and government plans to pay operators to store communications data in case they might want it for intelligence or law enforcement?
The simplest answer is "Google, Facebook et al do it to make money for themselves. Government does it to make money for suppliers of storage technology."
If Government has £1.8 bn to help improve the ability of law enforcement to protect us against terrorists, pederasts, hactivists and on-line fraudsters, is the most efficient use of that money to pay UK communications operators to retain communications data for longer?
Government may talk of the need to identify and monitor potential terrorists but the public gives priority to preventing looters and muggers taking over our streets and shopping malls. Short of an IRA style bombing campaign, the latter has more impact on the economy, including the Chancellor's tax take. The Court of Appeal has appreciated this. Has the Home Office? The sums allocated to data retention for possible future use could transform the ability of law enforcement to analyse the operational intelligence feeds already on offer in time to take action on crimes (including cyber attacks on critical systems and physical assaults on high streets or shopping malls) while they are being organised or are under way.
Similarly, if Government were to be serious about protecting children for on-line predators, e.g. those hanging around on their social and games media such as Facebook or Habbo , should it not give priority to better enabling law enforcement to use the services used by business to identify, track and trace those attacking them and their customers? My understanding is that many of the services now being used to identify those organising botnets, corporate or personal impersonation and on-line fraud could equally well be used against those seeking to corrupt and abuse the young.
Here we approach some of the hypocrisies
at the heart of the current debate.
The services used by industry also have the potential to identify and perhaps even cripple
the cyberwarfare capabilities of nation states: "ours" as well as "theirs".
It is not just the libertarian supporters of Big Brother Watch who want to preserve the anonymity that lies at the heart of the current Internet. The current proposals are about preserving anonymity for the cyberwarriors of government while denying it to the rest of us.
Who really wants to honestly debate the benefits, including reduced costs and improved confidence, that could be derived from wholehearted co-operation between public and private sectors in removing predators while protecting the vulnerable?
I first spoke over a decade ago at a Freedom Forum event , before the bulk of on-line transactions had migrated to the Internet, on the need to separate trusted (walled gardens) and untrusted (including anonymous and pseudonymous) traffic. With the transition to IPV6 the need to find ways of preserving genuine anonymity for those who want or need it has acquired a new urgency.
We need to think constructively about how to reconcile the means of protecting some of the most vulnerable in society (as well as those seeking regime change via peaceful means) with the need to update the interception and monitoring capabilities of law enforcement to better protect us against malpractice. That includes looking at the issues in the context of policy over electronic identities (where the UK appears to have given up and contracted debate to OIX) We also need to look at the means of better organising (and funding) co-operation between Industry and GCHQ/MoD on "civil defence" as the Cold Cyberwar begins to burst into Flames.
The good news, at least for me, is that I am now collecting retainers, albeit quite small, to help some of those who are serious about finding answers that will help make the UK "the most trusted place in the world to do on-line business". I have also agreed to help an exercise on the meaning of "Trust" in the on-line world. I will blog again when we have worked out how to structure the exercise and who to involve.