Who do you trust less with your digital footprint - Your ISP or Your State Security Service?

On the eve of the meeting of the Internet Engineering Task Force last March, the Conservative Techology Forum held a meeting  at which there was general agreement  that the time had come for more openness about the  governance procedures of GCHQ in order to help rebuild confidence  after Edward Snowden‘s revelations.  There was also discussion as to whether those procedures were more or less opaque than those of the on-line service providers, who collect and store the fine detail of our on-line footprints. 

When the IETF had a session with MPs of all parties on the following evening, we heard of the “breaking of the Social Contract that underpinned the Internet”. I then blogged on the issues raised during the reception afterwards when leading figures from the IETF and ISOC were candid about the challenges they faced in structuring honest and constructive debate between engineers as opposed to allowing lawyers to dictate the future.  

Since March we have many more attacks on the governance processes of UK and US law enfircement and surveillance services, with no recognition that they are very different.  US based companies (and their lobbyists) would like the UK to copy the court-driven processes with which they have to live back home –  where locally elected judges can authorise, for example, the collection of data to enable investigations into the tax affairs of their political opponents. 

The differences  between the governance processes of GCHQ and Fort Meade can cause tension,  but on balance, the result has almost certainly helped resist the trend toward unaccountable autocracy in both nations – at least on the part of government, if not on the part of the shrinking cartel which now controls the access of most of us to the Internet .

Until publication of Sir Ian Lobban’s  valedictory speech we had, however, almost nothing on public record about how GCHQ’s interprets UK  governance, including the determination of its staff to resist the pressures of politicians  to gather dirt on their opponents (as in France or the US) let alone their opposition to the routine mass surveillance of which it is accused and of which so many of its attackers  are themselves guilty.

Remember that when an Internet Service Provider says its monitoring operations are to “improve customer service”, you are NOT the customers they mean. They mean those who pay them for analyses of the data they have collected about YOU. Even much of the free ad-blocking software is funded by those who pay for loopholes, alias whitelists  .

If information is the new oil, has the time come to break up the Rockefeller Empire?

If so, we should also remember than within a decade the Standard Oil of New Jersey was bigger than the parent had ever been.

Hence my comments on the importance of also looking at the business models of the Googlettes when looking at those attacked by Robert Hannigan for aiding and abetting terrorists and  criminals .

The collective response of the ISPs  was predictable – albeit not necessarily wrong.

At this point, however, we need to look at the evidence available on the balance of public opinion and think long and hard about what that evidence really means – assuming we are serious about democratic values and holding dominant commercial players, as well as government, to account.  

When I blogged on IT at this years’ party conferences, I pointed out the IPSOS Mori data showing that the public trusted law enforcement  and central government with rather more than they trusted their Telco or Internet service provider.
This morning the daily YouGov poll was on attitudes to Internet regulation.  When I voted the tally was running at :

  • Much more regulation of the Internet 18%,
  • A bit more regulation 32%,
  • Currently about right 29%,
  • A bit less 7%,
  • Much less 5%,
  • Don’t know 8%.

Digging deeper indicates that consumers  are more concerned about fraud, abuse and bullying than about cyber-terrorism. The claim that mobile roaming to reduce the number of not-spots should not go ahead because it makes surveillance harder  is therefore likely to get short shrift, were it even true.  I am awaiting details from my moles but suspect the reality is that the mobile operators want any excuse to avoid national roaming and have yet to come up with an alternative solution to the not-spot problem, other than infrastructure sharing. 

Meanwhile the urban mobile traffic of much more interest to the surveillance services is increasingly being off-loaded onto wifi-hotspots. I therefore commend the Matt cartoon in the Daily Telegraph on November 6th: One country yokel to another saying “I wanted to become a jihadist but round here  the internet’s too slow and there’s no mobile phone cover”

The time has indeed come for a fresh look at responsibilities of those who take £billions in untaxed profits out of the UK while claiming they are unable to protect their customers from abuse. As part of that review we should, however, also look at the reliance of state surveillance systems on outdated communications architectures that stand in the way of allowing the UK’s digital infrastructure to evolve in line with customer needs into a world of ubiquitous, seamless, mobile, connectivity.

That almost certainly means tapping, instead, into the systems used by ISPs and their advertising (and other) “customers”, to follow the every move of those whose communications they are monitoring, including via the GPS locations of the devices they use.

Such an approach raises many questions and the answers need to be based on genuin e public consultation not hurried discussions with vested interests.  In the meantime  I urge all those concerned about  addressing the not-spot problems, urban as well as rural, to respond to the DCMS consultation on mobile roaming.