In Depth: Government needs to treat our data with respect
Treat our data with respect
The UK government seems to want to actively debug its citizens, expanding its already copious powers to obtain communications data.
Soon, as we go about our regular lives – a large proportion of which are now spent online – potential new legislation could be used to store the skeletons of our conversations, their causal interactions, their flippant remarks and their heartfelt confessions.
Except, nearly all that context will be lost. Instead, it will be replaced by a stream of IP addresses, mobile phone numbers, email addresses and protocols, all ripening for a fishing expedition. As long as that expedition satisfies the principles of necessity and proportionality derived from the European Convention on Human Rights (ECHR), as defined in government guidelines.
Look through my search history today, for example. I’ve searched for Mosh, Jailbreak, Noel Edmonds and the Yodok concentration camp. Throw 12 months of other searches into the pot, stir in some emails, IRC and a few MSN chats, and you’ve got a perfect recipe to find me guilty of almost anything. It’s the kind of situation Philip K Dick wrote about. Or George Orwell. Not to mention Milan Kundera’s The Joke.
As I see it, regardless of the ethical implications, there are also two major technical problems with this legislation. The first is that this proposal is debugging of the most processor-intensive kind, and it’s impractical for all but emergency situations.
It’s the kind of debugging a programmer will only use when things have gone very wrong, and for when the only way of discovering a fault is to run the application through a virtual CPU that logs every interaction for later analysis. This works, but it’s far more effective if you either, a) get your code correct in the first place, or b) build the framework for your code in such a way that problem areas are easier to discover and easier to rectify.
Reverse debugging of this nature slows your machine down to a snail’s pace and generates vast quantities of output. If the government goes ahead with its scheme, it’s going to be an impossible task for the ISP, or whoever collects this data, as they will struggle to manage yottabytes of data (this is an exaggeration today, but what about when the next generation starts using the internet?), all of which will need to be stored, backed up, indexed and cross-referenced.
And the recent claims that there will be no single database is nonsense. The idea is to create a single portal to the data, wherever it may be stored.
The second major problem – and there are many more – is that any mildly technical person will be able to side-step the lidless eye of the government scrapers. Encryption, trojan networks and chits of code hidden under rocks in Hyde Park will all help people stay hidden if they wish to.
As a result of this legislation, more people will want to stay hidden even when they’ve got nothing to hide. And the more people are hiding stuff, the more difficult it will become to sort the goodies from the baddies.
Attempts to subvert these people might even push the legality of projects like Tor over the edge, turning the UK internet into a snooping web of deceit.
It’s more likely, I think, that we’ll be given some time to get used to the idea, then any new legislation designed to tackle obfuscation technology like encryption or anonymous routing would be treated as an attempt to subvert existing legislation, rather than projects that have historically allowed people in police states and war to communicate freely.
This treatment of technology by politicians, like it’s some magic panacea, is wrong. Especially when they don’t seem to understand the issues and the consequences of what they’re dealing with.
Judicial process, not a political one
The 2010 Annual Report of the Interception of Communications Commissioner, for instance, states that “public authorities as a whole submitted 552,550 requests for communications data”, breaking this down with a terrible graph that shows 28 per cent was for traffic data while 65 per cent was for subscriber data. It then naively lists a series of case studies to show how well this publicity is working.
And it does work, in those cases. Government policy is making the assumption that more data is going to equal more success, without any consideration for our sense of liberty or the technical challenges involved.
After these proposals have been officially announced, I’m planning to see my MP in his mid-May surgery. The ethics, the technical difficulty and the redundancy of this level of intrusion have equal impact in my mind.
I’m not asking for a return to the days of Dixon of Dock Green. I want a judicial process, not a political one. I want our data to only be shared when there’s a genuine reason, and I want it to be treated with the same respect we should have for ourselves.
We’re still innocent until proven otherwise. Only then can the full focus and power of the law be bent towards stopping genuine criminal behaviour and taking legitimate advantage of the massive advances in communications technology.