What is missing from the debates over RIPA, IMP and Data Retention

The Scrambling for Safety debate last week generated more heat than light, save that law enforcement would prefer the money to be spent on facilities to turn what is already on offer into usable information. So are we merely arguing about an expensive job preservation scheme for Martin Horwood’s constituents (he is LIbDem MP for Cheltenham) allied to a gravy train for the suppliers of mass storage devices, and a sharp tilt of intra-UK telco and ISP playing fields in favour of BT while those wanting to avoid surveillance use steganography to communicate via off-shore operators?  

At the heart of the problem is the sincerity of those who they say that all they want to do is to preserve the status quo. Unfortunately  the status quo they assume was never quite like that – and, even if it was, would not be fit for purpose in the world of today, let alone tomorrow.


The achievements of Bletchley Park in World War 2 were stupendous- but we intercepted a fraction of enemy traffic, accurately recorded afraction of that, attempted to decrypt a fraction of that and successfully decrypteda fraction of that. The success came from targeting resources, not attemptingto boil the ocean.

The engineers of the Post Office and of Cable andWireless who subsequently recorded cold war and terrorist telephone calls andtelegraphic traffic were servants of the Crown operating under the OfficialSecrets Act as well as a magistrates warrant when the request came from the police.

Then the Thatcher government set about demolishing thecommunications monopolies of the Post Office and Cable and Wireless in parallelwith privatising them. This helped trigger a process of global change,including the end of the AT&T monopoly in the US, which enabled therise of the Internet, a network of competing networks. Now mobiledevices often communicate locally with each other, without passing overa network at all, This facility, used by Anna Chapman to bypass US wiretapping, is being promoted as part of contingency planningfor when networks have to shed non-emergency traffic during the Olympic.  

The “status quo” that those calling for data retention seekto preserve is that of the early 1980s when all intra-UK communications still passedthrough BT switches and all overseas communications were routed via Cable andWireless. The mind-set behind current proposals appears to be to create a modernequivalent of that bygone age.

I would not be surprised if some of thoseinvolved also look forward to recreating a situation where all UK communicationstraffic, mobile as well as fixed, once again passes through BT operated switches and monitoringstations. Indeed  it has been alleged that the proposals are intended to help encourage this by imposing disproportionate costs on others.

But the world has moved overthe past 30 years. If the objective is to be able to mount surveillance onIslamic Terrorists in much the same way as that on the IRA on the 1980s, it would almost certainly be morecost-effective to work through the technologies and structures that underpin today’s world of ubiquitous computing than try to recreate those of yesterday.The latter is an expensive and ineffective pursuit that risks uniting civilliberties and business lobbies in a way that has not happened since England’slast revolution – in 1688..

 At the Scramblingfor Safety debate last week, Nick Pickles, Director of Big Brother Watch said thatpart of the current problem was that Britain had never had a proper revolution.He was wrong. More-over one of the triggers for the Glorious Revolution of 1688was revulsion with the surveillance system used by James II to support his creationof an absolutist monarchy. One of James’ last acts as Duke of York, before hebecame King, was to suppress Dockwra’s penny post. This had transformed London’s business communications but had also enabled conspirators (including thosecarrying on illicit love affairs, not just political opponents of the King) towrite to each other without James, (who ran the Royal Mail service for hisbrother), being able to have their letters steamed open.  After the revolution Dockwra was given theRoyal Mail to run and was himself subsequently sacked himself for opening and detainingcorrespondence. The oath I took when I became a Freeman ofthe City Of London dates from around then. It requires me to inform the LordMayor, not the security services, if I know of any “gatherings” or “conspiracies”against the Queen’s Peace. Those who say the debate over interception goesto the heart of what it means to be British are not “barking”.

I do not, however, believe that we can afford to do nothing in theface of a rising tide of Internet assisted crime of all types, not just terrorismand less violent forms of subversion. Something must be done. But it would stillbe better to do nothing than to require data to be stored in case it might beneeded, without any responsibility or liability on the part of those requiring it to be stored in theevent of unauthorised access and abuse.    

My hope is therefore that we will start looking at solutionsthat are fit for the 21st century, with its tensions between privacy and security, localism andglobalisation and uncertainty with regard to direction and pace of technology change. In looking to preserve ademocratically accountable society we need to look at more practicalways of identifying and monitoring communications between criminals andterrorists. That should include learning from the global monitoring andintelligence services organised to help banks, telcos, ISPs and on-line retailersto protect themselves and their customers from attack. These now include routines to track the source of on-linetransactions and communications and to take action under a mix of existing civil andcriminal law against those responsible. Using suchroutines to help organise targeted interception and retention, instead of trying to record everything, should be a no-brainer.

I am currently advising the Cybersecurity work stream of the Information Society Alliance (EURIM) on the practicality of puttingtogether a small group to facilitate trusted intelligence sharing between those for whom such services are alreadya multi-billion pound commercial business. Some of those concerned believe thatthis would also offer a more cost-effective way forward for government current proposals.Others fear that the very different attitudes to the issues of accountability wouldmake co-operation with central government security services, as opposed to with local law enforcement under judicial control, a non-starter.

I personally believe the way forward should be basedon a mix of “aid to the civil power” (placing this much higher in GCHQ’s priorities) and community policing, with clear legal frameworksfor handling the consequences of voluntary peacetime co-operation with law enforcement,under judicial oversight.

How to achieve that is another matter.   

 

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close