On Monday I arrived back in the United Kingdom after a visit to Georgia – a beautiful country, but one with an authoritarian government. Imagine my surprise when I picked up a newspaper at Heathrow and read claims that the government was proposing to monitor and store all internet communications in the country.
We have since attempted to play down the scale of this proposal, but I am incredibly concerned that it would be far wider than is generally believed – and this is because of the technical difficulties of interception.
A key distinction that has been put forward is that these proposals will be used only to monitor ‘communications data’, not content. This ‘communications data’ would include timestamps, duration and the participants of communications – what we would call metadata in computing. We have been offered assurances that metadata and metadata alone will be stored, but it many cases this is not technologically possible. Most of the internet simply does not work this way.
Consider for example a foreign webmail provider – which are a key focus of these plans, as unlike UK-operating providers their information cannot be obtained by serving warrants. Under these proposals we would like to be able to find out who you are emailing and at what time. However, the only data they have to work with are the webpages sent to your computer by this webmail provider. This webmail may be in a foreign language; the layout of its pages is entirely arbitrary. The only way to identify emails and the metadata is to read through every single bit of information sent to your computer and pick out the relevant elements. This cannot be done automatically – no computer program could understand every language and the format of every email provider in the world. The only way to identify metadata is store content as well, then analyse it all later.
This means that this separation of content and metadata is worthless – any system that actually enforces such separation would useless as an interception tool. However, it gets worse. Remember how the proposals suggest this information should be stored for two years? As we cannot separate metadata from content in many cases there is only one technically feasible solution to meet this requirement – storing the entire internet traffic of every individual in the United Kingdom for two years. The content of every website you have visited, the data transferred by every application you use. After all, any website could actually be an email service, and any application could be exchanging instant messaging information. We cannot just store this information on suspicious individuals, otherwise the security services cannot look back on earlier communications; every single computer in the UK must be monitored.
This is the only option that provides the level of interception that is proposed – and it is a monitoring system that any dictatorship would be proud of.
Now, you might think that you could get around this by encrypting your communication. After all, the best encryption algorithms take years to crack, even with supercomputers. However, the government already has an incredibly sinister power that forces you to incriminate yourself. Encryption scrambles the content of messages, but they can be decoded with a special key. Now let’s imagine that you encrypt some of your own information – perhaps it is politically or commercially sensitive. If you don’t tell the government the key you can be sent to jail for two years – even if there is no effect on national security. You don’t even need to be suspected of criminal activity – refusing to hand over encryption keys when asked is a strict liability offence. You are simply forced to decode or go to jail.
Our Parliamentarians must stand up and kill this plan entirely – civil liberties must always be the ultimate red line for the Liberal Democrats.
* Robbie Simpson is the Vice President of Liberal Youth Scotland and is about to complete a Masters degree in Computing Science with a focus on information security.