Should priority for reform of UK Investigatory Powers be to protect citizens or the state?

I spent a lot of time helping organise scrutiny of the original bill to regulate investigatory powers. Despite our efforts the result was deeply flawed. The resultant processes were bureaucratic and sclerotic with regard to those in security services and law enforcement who most voters probably believe need such powers. They were slapdash and ineffective with regard to the junior staff in local authorities and other agencies who most of us trust even less than Apple or Google (who require access to all our traffic to help “improve” their services) and about as much as those nice people from Microsoft (or our Bank or ISP) who ring up offering to help fix our computer (or move our money to a new bank account because the current one has it has compromised in the scare of the day).

This time the draft legislation has been published in good time to allow the scrutiny to get it right. But it will only be improved if readers use all opportunities in the course of pre-legislative scrutiny to raise what should be covered, not just discuss the technical detail that will be covered by the Science and Technology Select Committee enquiry – although their call for evidence by November 27th gives an excellent opportunity to raise wider issues that the Bill Scrutiny Committee (two of whose members are on the S&T Committee).

I suggest those who have merely read the headlines begin by reading the excellent summary produced by Tech UK , then the transcript of the discussion at the first S&T oral hearing and then dip into the Bill itself. and the supporting “Fact Sheets“.

The good news is the strong judicial oversight (albeit perhaps not by the Master of the Rolls as I called for earlier this year). The bad news is the lack of thought as to how to enlist industry co-operation, perhaps without warrant but with the informed consent of the actual or potential victims, to help identify predators collecting information in order to harass, exploit, plunder or impersonate us. This entails filtering the morass of metadata generated by, for example, the app tracking bloatware that now clogs fixed and mobile internet connections and is the main reason we need a universal service obligation of 10 Mbps rather than 2 Mbps. Merely storing metadata and other traffic, in case it might be useful, is not good enough.

We need to use the opportunity to move towards true partnership policing and I plan to make time to blog on this in the context of the London Mayoral elections and the need to make London the safest place to go on-line – rather than the world’s largest concentration of victims.  

The recent Parliament and the Internet conference included an excellent discussion on surveillance legislation chaired by Gordon Corera that neatly juxtaposed the arguments. I asked whether my conclusion should be to give permission the Metropolitan Police to access my data without need for a warrant, but not to GCHQ, less it be passed to the Americans (under Mutual Assistance). The response got the first, and almost only, laugh of the day. But later we had a chilling demonstration (using Wireshark) by Geoff White of the volume of transmissions generated inside about 30 minutes by a smart phone, supposedly at rest.I have occasionally measured (using Ghostery) the number of uninvited apps which track my every internet access (and more) on the system I am using to keyboard this blog – and been staggered by what I find. I had not appreciated that these were but the tip of an iceberg.]

The capital cost of installing the capacity to store such traffic for a year, let alone the operational cost of keeping it secure, might well dwarf the budgets in mind for the implementation of the legislation. But how can it be separated from the traffic that might actually be of value?

Also we could not forget that the UK Post Office monopoly originated from the surveillance ambitions of the state. Charles II’s head of security, his younger brother, blocked the original London-wide penny post because he could not steam open the letters (to uncover illicit love affairs, discontent with the King’s life style or terrorist plots). We need to ensure that similar concerns are not used to help recreate the BT monopoly (see the comments to my last blog).

We really do need to move the debate from an adversarial confrontation over who pays for the mass retention and analysis of data of questionable value – to how to organise the governance of partnerships that enable action to be taken, perhaps even in “real time” to protect victims, block fraud, recover the proceeds of crime and thus make the Internet a safer place for all. 

Do respond to the Science and Technology Select Committee’s call for evidence .