Why are we basing surveillance policy on myth and legend?

I have blogged before on the reluctance of both sides to admit to allow reality to enter current debate on surveillance policy. In one of my subsequent blogs I said that a core problem was the sincerity of those who believe that the legislation is seeking to preserve a mythical status quo during a time of radical technology change.

I think I should expand on this because current publicity for the achievements of Bletchley Park ignores the fact that one of its greatest triumphs, the breaking of the new U Boat codes would not have been possible without American assistance on a scale that has been airbrushed out of history. By the time Shark was broken in December 1942 the US Navy was running more Bombes than Bletchley. The other incredible achievement, the monitoring of German planning for the Battle of Kirsk and the processes used to pursuade Stalin to believe what was being passed to him, was indeed peculiarly British. But that was mainly because  Anglo-American co-operation did not extend much beyond the US Navy until 1944 (US inter-agency politics rather than UK reluctance).

The ability of GCHQ to do what it does depends on a series of Mutual Assistance agreements, the latest of which (the intelligence clauses of which have never been revealed so they may, or may not, be relevant) is due for renewal in 2014.

The effective monitoring of Internet Traffic today depends even more on international co-operation. Giving BT, O2/Vodafone/C&W and 3/Everything Everywhere £200 million a year to retain communications data at teh saem time as tinkering with the legal routines to give access to UK law enforcement to what they have retained (as is proposed in the current bill) is meaningless unless it is part of much broader picture.

Far more significant (and also with more impact on UK competitiveness) are the requirements on Banks, Payment services and Transaction Processing operations to retain data in case a regulator might want it.

Far more significant to those concerned about personal privacy are the advertising-funded business models of major ISPs and access, under the Patriot Act, for any data stored anywhere by US-based ISPs on non-American Internet users. Once data is stored it can also, or course, also be demanded under court order, civil or criminal.

Now add in the commercial (both legal and illegal) services already available to help Banks and On-line retailers to identify malpractice and track and trace those attacking them and their customers. Now look at the way those services are being used by, for example Iran and Syria, to identify, monitor and “remove” disidents.

Now look through the other end of the telescope at the way we are failing to make effective use of such services to reduce the cost of fraud (with, for example, the same credit cards being used simultaneously around the world for days or weeks before they are flagged by card operators) or to identify and remove those preying on the vulnerable (from children to silver surfers).  Also take a look at how the Internet really works, “a cartel masquerading as anarchy” remains my favourite description, and at the forces driving the transition to IPV6.  

Now perhaps you understand my question.   

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close