The supposed “controversy” over the Prime Minister’s call for action to clean up the Internet is a powerful example of how fake news can get traction. Google, Facebook and Twitter are now talking about what they are already doing , as though it should be enough, rather than saying it is undesirable or impossible. The advertising boycotts to which I referred earlier this year, allied to the scale of click per view fraud, concentrated their minds more powerfully than government ever could. Their very business models are now at risk.
Meanwhile the LibDems still defend their opposition to the renewal of surveillance powers which enabled the support ring round the Manchester bomber to be identified and picked up so quickly. They claim, like Labour, that more policemen would compensate for a lack of intelligence. Unlike Labour they link this to a claim that Brexit will weaken our ability to co-operate internationally against terrorism. It is as though effective pan-EU law enforcement co-operation was one of the achievements of the European Union. As yet it remains one of the EU’s failures. Operational information sharing remains slow and clunky, hampered by lack of trust and privacy directives, except for a handful of high profile, resource intensive investigations into pan-EU hacking groups. The modest improvements over the recent years are now threatened by interpretations of the GDPR.
The Conservative manifesto (e.g. page 79 – The safest place to be online) indicate this an area where Brexit is likely to lead to more, not less, effective co-operation – globally, not just with the EU. But this has long been an area where words and actions do not correlate. During a wash-up after the London Riots it transpired that the problem was not a lack of police powers. It was their inability to make timely use of the information on offer from the mobile phone operators. Police funding and manpower were (and are) not the issue. It made (and makes) far more sense to use the staff and processing facilities of industry (telcos, ISPs, on-line advertisers and retailers, identity service providers, payment service operators etc.), GCHQ and selected Universities and others (as currently being opposed by Privacy International in yet another Court Case) than to duplicate these.
But this raises major governance issues – as covered in the last paper of EURIM-IPPR Partnership Policing Study – the recommendations of which the last Labour Government tried and failed to implement. Interestingly their problem was not Party political. It was that the other tribes of Whitehall (including BIS, DCMS and GCHQ) would not allow Home Office to lead the implementation or the cross-cutting actions necessary. This year, the many of the ideas have appeared, in updated form, in the Conservative Manifesto – amid commitments to use Brexit to make the UK the safest place to go on-line by becoming a global leader in action against Internet predators and abusers. Hence also my welcome for the involvement, at long last, of GCHQ (via the NCA) after a couple of NHS trusts were brought down by Wannacry.
No wonder the LibDem remoaners are so upset at such a neat way of exploiting the opportunities that come from being outside the conflicting EU directives and regulations and thus able to combine the “equivalences” already agreed with those outside the EU and WTO rules . I too am miffed at realising that I wasted three decades of my life trying to reform the EU from within. Yesterday I was involved in an interesting argument as to whether 70 years of peace in Europe was an achievement of NATO or of the EU – the overwheening ambition of whose “President” nearly brought that peace to an end with an attempt to “embrace” not only those parts of the Ukraine “stolen” from Poland but those which were part of Mother Russia.
Meanwhile the Open Rights Group and others appear to have confused defending the use of strong cryptography with opposing attempts to identify, isolate and/or “remove” on-line criminals, terrorists and other predators/abusers. Exiling extremists to the dark corners of the Internet, where they can more easily be identified by traffic analysis, is a win-win strategy at many levels.
Perhaps the most important, however, is the way that such an exile makes it harder for DAESH to use mainstream social media to proselytise, with claims they represent the teachings of the prophet, as opposed to the ramblings of post-Baathist blasphemers piggy-backing on the doctrines of an obscure 18th Century iconoclast (who was savvy enough to do an alliance with a local warlord whose descendants acquired control of the land under which sat 20% of the world’s oil). ISIL/DAESH represents Islam about as much as the wee wee frees represent Christianity. But it is well-funded and professional in its use of fashionable social media to recruit “lost” souls among teenage western muslims. Forcing it to use services more commonly associated with drug dealers, fraudsters, pederasts, dissidents, spies and the paranoid, is a major blow to its presence, prestige and ability to recruit.
We should also remember that many of those who currently pose the greatest threat make little use of western PKI-based crypto, designed for those who have never met. They use older, simpler, methods based on the physical exchange of information (and/or sim cards) at training camps, religious meetings or on pilgrimage. The need is therefore to identify, track and trace them and their contacts using “sigint”, alias the “big data” analysis of traffic, as pioneered by the “registry” of Bletchley Park (to track the German Order of battle, including staff movements between units as well as of unit). We here much about Enigma and a little about Colossus but almost nothing about the Registry. That is because many of its methods are still in use today, including by Google (whose business is largely based on processes invented, but never patented, decades before the company was borne). The difference is that today the sigint can be processed in real time by Big Data Barons who regard your on-line footprints as their digital chattels to be sold to who-ever will pay. Hence the wider need for section 5 of the Conservative Manifesto.
As I pointed out again in my recent blog on the irrelevance of the GDPR, the importance of strong crypto is to ensure data authenticity and integrity, not “merely” confidentiality. Its defence should not be muddled with the need for Governments to respond to public opinion in the face of perceived current threats. Our children may be at statistically more risk from a vicious dog or drug-addled teenager with a knife – but social cohesion in significant parts of the UK depends on “removing from sight” (both on-line and off-line) the 20,000 or so UK converts to a blasphemous 21st Century hybrid between Baathism and Wahabism.