Yesterday, the first set of evidence into the Home Office’s controversial interception plans was heard in front of the special committee established to look at the draft bill and you can watch the Video on Parliament’s web site. (More is scheduled for this afternoon).
We learnt a few things about what’s being planned as a result of the evidence given, which was predominantly given by Charles Farr, ex-MI6 man and Director of the Office for Security & Counter-Terrorism.
Firstly, the existing Regulation of Investigatory Powers Act and Data Retention Directive are allowing police and security services to get access to around 75% of the data they are after. It’s envisaged that the wide-scale interception of communications data would increase that to 85% – so by only 10%, which seems a huge cost in both monetary and civil liberties terms for a relatively small increase. The existing shortfall was attributed in part to “ambiguities” in the EU Data Retention Directive as it’s implemented in the UK.
Secondly, when asked about their ability to break cryptography they Home Office mandarins ducked the question, instead saying that their preferred method was to “co-operate” with (I.e. coerce) service providers. This would be the likes of Google, Facebook and Twitter, both UK-based and foreign, so that they stored the communications data themselves.
They were quite clear on this point when asked about “black boxes” too and not just crypto – even though interception is the very first clause in the draft bill, they claim the main thrust is retaining data at the service provider.
A big hole in their argument as a result is that they have not made clear why altering the existing Data Retention Directive to allow this isn’t enough. There is a big difference in liberal terms between being asked to retain data you already have and actually listening in to obtain data.
The issue that remains is foreign non-cooperative service providers who cannot be coerced and the Home Office seems to imagine only intercepting communications as it enters and leaves the UK, and not widespread interception within the UK. This approach will cut the number of boxes they need. They may not even need to talk to big household-name service providers to do this, instead targeting the lesser-known (To the public) fibre providers who offer the bits of glass that go under the oceans, seas and English Channel.
This has the side effect of also intercepting private (Non-internet) traffic and communications transiting the UK from, say, the US to Germany. I’m sure this point hasn’t been lost on those pushing for it.
In terms of capability, the spooks believe it will be nearly impossible to remain anonymous with the volume of data they are able to collect, something that has sinister overtones for anyone with a genuine need to speak out against the establishment or against the police. You don’t even need to look as far as China to see this in action, as it would be the police justifying the use of interception and there is far from universal trust of the police to regulate themselves in this country.
On the topic of the police self-justifying their use of powers, requiring warrants to obtain data for lesser needs (e.g. Harassment and Non-payment of fines) was discussed and the Home Office did not seem to have a good reason why this shouldn’t be the case. Their argument in favour of allowing minor offences to be included is that they might escalate into more serious offences, and that’s OK because they don’t (ab)use these powers much. (Yet…)
Finally, they were asked by one MP if they could rule out “fishing” expeditions where they would obtain the data from hundreds of users but they were not able to do this. The example given was if they know a suspect was at a certain place, they might pull the communications data for everyone in that area at that time.
For those interested in this, there is also an ongoing consultation where you can submit evidence direct to the committee.