Stories came out yesterday, leaked as ever from some unknown source, which have led to justifiable outrage about proposals to capture all our online communications. We all know that one shouldn’t entirely trust what is in newspapers, especially when the security services are involved and there is a palpable lack of detailed announcements, but liberals everywhere are rightly anxious.
I’m extremely concerned about the extension of state surveillance, and have fought hard to stop it. Since I first got wind of the proposals in 2010, I’ve had a series of meetings with industry experts and others about it. I asked the Prime Minister about it in October 2010 and, while the details remain cloaked, I have some idea of what might be proposed.
Communication Service Providers (CSPs such as your mobile phone operator or your internet provider) are already required to keep information about your communications for 12 months – who you ring, which domain name you visit, but not the content of the call or text. This can then be accessed by the police and security services using RIPA – and by others, in some cases with even fewer safeguards than RIPA!
Labour tried to take this already illiberal position further, with a massive project called the Intercept Modernisation Programme – this would have stored all of this information and more in a huge central database, so the police and security services could access it easily and at any time. The policy was a dream to totalitarian control freaks; a nightmare for anyone who cares about freedom.
This project is dead. We and others fought hard to stop it, joined by the ISP industry itself. And there are no plans to re-enact this scheme – the PM confirmed to me that ‘We are not considering a central Government database to store all communications information’. If there was such a proposal I would oppose it to the last.
But that still leaves the existing CSP-specific databases they are required by law to have. What the Government does with these databases is absolutely critical and a great concern. The Coalition Agreement is expressly clear on this point. ‘We will end the storage of internet and email records without good reason’.
What’s a ‘good reason’ for keeping them? The security services insist they have good reason for keeping lots of things, but frankly, I’ve never found the argument ‘we know but we can’t tell you’ very persuasive. Especially when it is overused by the same people to argue for every power they want, from 90-day detention to control orders to the existence of WMDs in Iraq.
Unfortunately, we are bound by the EU data retention directive so unwinding the existing system is unlikely to happen, despite our continued calls for reform at the EU level. But the security services push ever on, and the Home Secretary appears to trust them. And now they are pushing for a supposedly ‘modest’ increase in powers.
I haven’t seen the details of these proposals – not for want of asking – but it’s clear to me that what we want is more safeguards, not more powers for the state to keep data. We have already killed off some of the obviously illiberal proposals that have been floating around. The idea that if you send or receive an encrypted message you should be legally required to give the state the key is completely gone.
And some of the suggestions floating around of what might happen are simply wrong – to quote Nick Clegg: ‘I am totally opposed, totally opposed to the idea of Governments reading people’s emails at will or creating a totally new central Government database. The point is we’re not doing any of that and I wouldn’t allow us to do any of that. I’m totally opposed as a Liberal Democrat and as someone who believes in people’s privacy and civil liberties.’
I’ve asked for both the Home Secretary and the Head of the Office of Security and Counter-Terrorism, Charles Farr, to be called publicly in front of the Home Affairs Select Committee (on which I serve) to explain what is and is not proposed, so that we can all see what they are actually proposing. I’m delighted that the Chair, Keith Vaz, has agreed to try to arrange this as soon as we can.
What I would like to see is strong safeguards – better than we currently have under RIPA and other legislation. It is currently far too easy for people – eg at DWP – to access communications data, and this has to stop.
The Home Office wants to have access to information about not just who we text but who we tweet, who we skype to as well as who we ring. Now, this may seem to be no more objectionable than the current position but, technically, it is a complete mess. Your Internet Service Provider doesn’t have a clue who you facebook, and doesn’t want to either.
No expert I’ve ever spoken to can see how this could possibly be done without great expense and without allowing access to the actual message that was sent – which is not legal without a warrant from the Home Secretary.
Together with the excellent Dr Jenny Woods, we therefore wrote an amendment to my civil liberties policy at the last conference, spelling out what we want to see – the Liberal Democrat requirements for any proposals – strengthened safeguards, ensuring no ‘accidental’ interception of data, and trying to change the underpinning EU data directive. It says that we back the right to privacy by:
a) ensuring that there shall be no interception of telephone calls, SMS messages, social media, internet or any other communications without named, specific and time-limited warrants;
b) guaranteeing that any communications data kept by service providers in accordance with the EU Data Retention Directive are kept securely by the service providers, and that they be only released to government bodies with strict and strengthened safeguards;
c) ensuring that service providers are not mandated by law to collect communications data by any method that would also provide access to content information, unless specifically authorised by a warrant;
d) ensuring that service providers are not mandated by law to collect third-party communications data for non-business purposes by any method;
e) renegotiating the EU Data Retention Directive and changing how it is implemented into UK law, to provide a better balance towards privacy.
There still may not be a Bill at all in the Queen’s speech. That would be my preference. But if there is one, it must be one that increases the current safeguards, not one that just feeds the powers of the state. Strong safeguards are critical: they are the very essence of our civil liberties, and no liberal can support any state surveillance without them.
Liberals everywhere must watch this space with caution.
* Julian Huppert was the Liberal Democrat MP for Cambridge from 2010-15
26 Comments
Finally, after a day of terrible headlines and quotes that have done murderous things to my blood pressure – a ray of hope. I am glad that the HSAC is moving towards hearings on this matter; more importantly, I agree that any bill must include tighter restrictions on intelligence gathering activities as a whole. Warrants must not be obtained from nameless civil servants, police officers or even a Cabinet Minister – they must be obtained from a magistrate at the least, preferably a judge, and they must be time-locked to prevent ongoing surveillance without review.
It would be a great morale boost for me if I knew we’d managed to get fresh oversight of the intelligence and security services this way; I can see the argument for expanding intelligence powers to cover more mediums, but I do not think it should happen without much tougher controls. Furthermore, I think that the HSAC should look to having the heads of MI5 and GCHQ testify before the committee on these proposed powers.
If we do kill more of these ideas, please follow the example of Henry VII – display the slain body of our foe proudly. We need our spirits lifting before the local elections, this would be a way to do it.
If it’s an already illiberal position at present, then the liberal thing is not simply to regulate how they use it but to retrench the powers they already have. That’s what the Freedom Bill was supposed to be about as far as I am concerned.
I used to hear these kind of excuses from Labour people about how RIPA etc controlled access rather than granted something that was already being done. If that is the case here, then regulating it is not enough, outlawing it is the liberal response.
Thank you Julian. It is good to read this stuff and we know you are on the right side of this issue. But:
1. Nick has come out in favour of these ‘proposals’. You may not have seen them – but from his quote, he most certainly has. Why are they so secret if there is nothing to worry about – to the extent that not even you are allowed to see them?
2. Why isn’t there a Lib Dem leading the charge in the media? As I’ve written earlier, the silence from the leadership is deafening ( http://www.newstatesman.com/blogs/the-staggers/2012/04/lib-dem-members-civil-clegg ).
3. As this piece ably demonstrates ( http://gregcallus.tumblr.com/post/20290988744/phone-hacking-more-pinging-still-government-policy ), there are a whole lot of reasons why we should be strengthening the safeguards against intrusion in this area – not extending the powers. If other LDV readers read nothing else today, have a glance at this. It’s terrifying.
Julian, I think you are doing a terrific job, as is Jenny Woods. But we must all continue to fight against this sort of intrusion into civil liberties, and the silence over the last 36 hours from the leadership – and now apparently Nick’s support of the ‘proposals that are not proposals’ – is deeply troubling.
Oh, and we can, and should, disobey illiberal laws and directives from Europe and let them sue us or whatever they would do. We also know that the EU would like to take this further (see the stuff at DLD by the EU information commissar). Drawing a line in the sand by disobeying their existing directives would be a good start toward cutting off their ambitions at the root. Europe should not be an excuse for implementing illiberal policies.
CSPs are not required to already track which websites you visit “unless they do it as part of their normal business operations” much to the annoyance of LEOs.
The planned changes are about increasing the ease of access to communications data by LEOs and increasing the scope of what is classed as communications data i.e. bringing into RIPA/DRA those things that are clearly communications data from a technical point of view, but missing from what is currently contained in the Act because they are not recorded as transactions by CSPs today.
So to be clear: the idea is to have my ISP log every private message I send on, say, Facebook? The ISP will have a box that pretends to be Facebook and will act as a relay between myself and the real Facebook page. This in order to overcome the SSL encryption. It will then decrypt and scan all data along the connection looking for private messages. When it finds one it sends the name of the recipient, the subject, and the time stamp to the old bill and then encrypts and stores the contents on the ISP server for 1 year in case they want to follow up. Rinse and repeat for every communications site out there. Technically possible I suppose but sounds very expensive and will require extensive ongoing maintenance and for Facebook etc to agree not to deliberately foil it, which they could do trivially. Technical and cost issues aside the idea they think they have the right to do this at all is pretty chilling!
“We have already killed off some of the obviously illiberal proposals that have been floating around”
Thank you Julian, fine work.
If you do question the Home Secretary or Charles Farr, I hope you’ll ask what their proposals will cost.
Yes. This is why the Freedom Bill, which is still working its way through parliament in a blaze of media silence, contains Part 2 Chapter 2, which changes the communications intercept and surveillance bits of RIPA to require judicial oversight (a form of warrant) where they did not previously do so.
Where’s your problem?
“…this would have stored all of this information and more in a huge central database, so the police and security services could access it easily and at any time. The policy was a dream to totalitarian control freaks; a nightmare for anyone who cares about freedom. This project is dead. We and others fought hard to stop it.”
That sounds like desperation. If, as reported, the government is to give its spooks access to this information on demand and in real-time, then what difference does it make whether the data resides on a government server or some server elsewhere?
Can you confirm if this pro-CCDP Lib Dem briefing is legitimate?
https://docs.google.com/file/d/1_wMtlFHrktpyOEFSkRSmBnOBPYDkPF6y-gL7Es_h0tu58aPVeHq9p45ulRcX/edit?pli=1
IF the measures as leaked go through, then we can no longer call ourselves Liberal Democrats. Freedom, liberty and human and civil rights and liberties are at the very core of our beings.
Give in to the terrorist-obsessed in both Labour and Tory parties and we are finished. We have done without the imposition of these draconian powers, and we are still here. Give in, and we shall be living a political lie.
We do not need them and we must do everything to defeat any proposals by the vested interests of the securicrats.
“Yes. This is why the Freedom Bill, which is still working its way through parliament in a blaze of media silence, contains Part 2 Chapter 2, which changes the communications intercept and surveillance bits of RIPA to require judicial oversight (a form of warrant) where they did not previously do so.”
I think you’ll find that it’s only local authorities who will be subject to judicial oversight. Other public authorities will be unaffected.
Julian, your post is excellent; it is a million light years away from the email I have received from Lynne Featherstone on the matter. Lynne’s email appears to simply regurgitate the key messages from the leaked Lib Dem briefing document that is now circulating the internet.
I think we have to be clear that creating a system in which security services can access ISP logs in real-time is in practice no different from a centralised database system. It is in effect a form of cloud computing. So can someone please knock that fallacy on the head.
The next fallacy is that this is simply an update of existing capabilities to cope with modern technology. Let’s be clear: at no time has any government anywhere in the world at any time had access to this sort of information in real-time about who we are communicating with.
The regulation contained within the Freedom Bill for RIPA does the bare minimum. For instance it only covers the use of RIPA by local authorities. They only account for 12,000 uses of RIPA when there are hundreds of thousands of uses every year by dozens of organisations (including both government departments and agencies and quangos).
The EU data directive was itself forced through the EU by Charles Clarke just weeks after the July 7th bombings. The current position where ISPs store all information is intolerable and illiberal. It should not be viewed as something that needs expanding under the guise of it being updated.
Having real-time access to the information goes well beyond any formal request to the ISP to hand over data. At least the latter can be governed by some form of oversight and legislation. The former lends itself to abuse and fishing expeditions by security services.
As Liberals we should be pushing for something that gives us something like 4th Amendment rights. We should be building a new privacy law to keep the state in check and guarantee individuals have the right to a family life.
Source? I was looking at the text of the bill from about a month ago, and I saw no such limitation – the changes applied to all uses of RIPA for communications intercept and surveillance purposes.
@Andrew
See Part 2, Chapter 2, Section 5, and also the “explanatory notes” document for the bill.
On this evening’s BBC news the Home Office is reported as using the word “robust” to describe the security for RIPA. A quick Google search suggests that SPoCs just use a PIN-based system. I’m sure that can’t be right. My bank stopped using it several years ago because it’s so feeble. Please tell me that access to details of where I went today (Runnymede – to see the Magna Carta monument) isn’t available to anyone who happens to correctly guess a PIN number?
Today we have learned that some vast number of credit card details have been stolen in New York from the databases of a payment services provider called Global Payments (the company acknowledges the security breach on their website). Gartner suggest that the breach was caused by the security methodology used by Global Payments (http://blogs.gartner.com/avivah-litan/2012/03/30/new-credit-card-data-breach-revealed/). The security system uses knowledge-based authentication to be used to access sensitive personal financial information.
As an IT consultant who has spent 25 years working in this area, experience has left me with not a shred of confidence in self-described “robust” security. Every week I read the technical details of alarming IT security vulnerabilities – the range of exploit vectors is only matched by the inventiveness of the attackers. The only way to avoid theft of online data is to not have it online at all.
If we changed our foreign policy and stopped behaving like world policeman and supporters of just one side in the Middle East, we wouldn’t need all this counter-terrorism and security nonsense.
“Instead of collecting information about every person in this country’s internet use, we believe that an alternative approach, based on targeting, warrants from law enforcement agencies and other safeguards is a better approach.”
Anybody remember this? I seem to remember reading it …(now where was it?) ….. oh yes a Lib Dem Manifesto.
Not that anything in that document seems to matter much these days
ex lib dem voter
In the version I have, section 5 lays out the additional requirements that a judge must verify for some authorities, in addition to the standard tests that the intercept is for an appropriate purpose and is proportional to the scale of the problem, which are that the person making the request from local authorities or other persons designated by the Secretary of State are properly authorised and are complying with additional regulations which the Secretary may make.
It does not exempt bodies other than local authorities from the basic tests of being for an appropriate purpose and proportionality. Nothing exempts them from needing judicial review.
You are referring to a document from last October, which would appear to be an inaccurate description of the bill as currently amended, although I don’t know what changed or when. This legislation is viciously complex so it’s possible I’ve missed something, but the Freedom Bill as written appears to apply the judicial tests to everybody. It definitely covers the police. I’ve no idea about GCHQ.
@Andrew
I’m not convinced. If chapter 2 applies to everybody, then why do sections 5 and 6 go to such lengths defining “relevant persons” who are officers of local authorities? Those sections would be entirely superfluous if the new law applied to everybody the same.
Yes, I was referring to the explanatory notes from October, but I’ve skimmed through the various amendments published since and I can’t see anything which extends the scope.
The Bill’s web page sums up chapter 2 thus:
“introduces a code of practice for surveillance camera systems and provides for judicial approval of certain surveillance activities by local authorities.”
Ah, figured it out. This is a “staged commencement” deal. The rules are written up so that they can apply to anybody, but only activate immediately for local authorities. Secondary legislation will be needed to switch them on for other bodies. The rationale behind doing it this way is that they want to see how well the judicial oversight works before applying it to the other groups.
So, we need to get the bill passed and then make sure the secondary legislation goes through.
Keep fighting, Julian, don’t give up.
It is both amusing and depressing to read discussions about the potential omnipresence of state surveillance without any mention of either the surveillance desires of the corporate sector or the no-holds-barred policy of intelligence organisations in the USA. The proposals for expansion of surveillance coverage in the UK as mooted pale in comparison with the data-mining capabilities already available to the CIA/NSA/etc, not to mention the gigantic server facility being built for the NSA in Utah specifically to scan and monitor all electronic communications of every kind. When Nick Clegg voices his opposition to government having such an ability, I presume it does not extend to the government in Washington.
Well done fighting this.
It occurs to me that none of the movements that have given humanity freedom over the years (eg Magna Carta, American Independence, The Suffragettes, The White Rose, Solidarity,) would have succeeded, had the government of the day had access to as much power as ours already does, let alone the amount of surveillance it wants to get.
One thing I would still ask: we should unilaterally withdraw from the EU data-retention directive.
[one way to do this while still remaining within the letter of the law might be to require service providers to keep the data encrypted, but not to have any requirement that they keep the key; another would be to treat failure to comply with the DRD similar to how Sunday trading was: ISPs pay a nominal £1 fine every time they are prosecuted for non-compliance]