THE BLOG

The Snoopers' Charter Only Codifies The Extreme Of What Was Already Being Done Unlawfully

23/11/2016 15:06

Earlier this year, the Investigatory Powers Tribunal ruled that UK security services, including the Government Communications Headquarters (GCHQ), MI5 and MI6, had been unlawfully collecting and using mass datasets of personal information for more than 10 years. This was the first case in the tribunal's 16 years of existence that led to a ruling against GCHQ, but the timing couldn't have been more pertinent - Theresa May's controversial Investigatory Powers Bill, dubbed the 'Snoopers Charter', was well on its way to becoming law.

The ruling identified that the intelligence agencies had been prying into the private communications of millions of people online. It found that the methods used violated the right to privacy, as set out by Article 8 of the European Convention on Human Rights (ECHR), until November 2015 when this was admitted and codes of practices were put in place.

Fast forward to November 2016: the infamous Snoopers' Charter sneaks its way through the House of Lords - the most draconian digital surveillance legislation to exist in any democracy.

So how much has truly changed since Edward Snowden blew the whistle on the US' National Security Agency's (NSA) "Prism" program, the clandestine surveillance operation which saw the implication of the UK's own GCHQ, and the indiscriminate collection of millions of texts, emails, social media messages and other digital communications?

The answer is a bit more complicated than you might think. For one, the bill's legalisation of 'bulk data collection', which would allow the mass and indiscriminate data collection of everyone in the UK (sound familiar?) isn't much of a change from what our security services had been doing already.

So-called 'Bulk Communications Data' (BCD) and 'Bulk Personal Datasets' (BPD) were already being utilised by the intelligence agencies to analyse certain trends which might point towards threats to national security. BCDs allowed the agencies to work out the 'where, when and what' of private messages, whereas BPDs allowed them to college huge datasets about our health, tax, and electoral records. According to the tribunal, they include "considerable volumes of data about biographical details, commercial and financial activities, communications and travel". Not the sort of information you'd like shared about arbitrarily.

But that was exactly what had been happening for at least a decade prior to Theresa May's initial proposal for the bill following Snowden's leaking of the classified NSA files back in 2013. Nothing happens in a vacuum.

What seems to have taken most people by surprise however is the emphasis on new powers, which rightfully caused a backlash from six of the biggest American technology firms, including Microsoft, Apple and Google. The bill specifies that internet and phone companies will have to keep the records of every phone call made and every website visited by its users for a year. A range of government agencies could then, at any time, have access to these communications - in some cases, without need for a warrant. To add insult to injury, the law also enables government agencies and institutions to hack into computers, phones and networks, and to force digital companies to create a backdoor to their encrypted messaging services (this time with the prerequisite of gaining a warrant).

Despite voicing their concerns about these powers, one question has still lingered on my mind: what exactly prevented the Silicon Valley giants from being able to block the disclosure of sensitive, private communications prior to the proposal of the bill? Let's not forget that, according to Snowden's revelations, Microsoft cooperated with the NSA by circumventing its encryption security, and allowing the agency to intercept web chats and access emails and the cloud storage network, SkyDrive. Everything about the scandal seemed to point towards some kind of direct cooperation between the entities of governments and corporations.

Needless to say, Microsoft later protested this implication, as did many others, distancing themselves from the accusations. But the ease with which government agencies accessed our private information seemed all too convenient for this to be believable.

Although whether these entities conspired against the public or not, one thing is known for certain - what is being passed into law now is only the extreme of events which have already occurred within the past decade.

In fact, I would go so far as to argue that the primary reason for this bill's existence - at least in its current existence - is to provide justification for the historic abuses of our privacy. The Independent Reviewer of Terrorism Legislation, David Anderson, tried to convince us earlier this year that the new measures are "vital" for the safety of the public. Citing the fact that BPDs enabled MI6 to "positively identify a number of individuals ... who posed a threat to national security," Anderson pushed the idea that the security services needed more surveillance powers to deal with terror threats and foreign spies.

Of course, it's hard to argue against maintaining our national security. Especially when the majority of British people seem to support the extra powers (although they don't seem to keen on plans to strip back encryption software). But if Edward Snowden has taught us anything, it's that there is nothing more insidious than the illusion that privacy doesn't matter because we have "nothing to hide": "Arguing that you don't care about privacy because you have nothing to hide is like arguing that you don't care about free speech because you have nothing to say."

In other words, being forced to choose between our right to privacy and our national security is a false dichotomy. Especially when so many terror attacks included suspects which were already on the radar of intelligence services - mass surveillance simply isn't an effective way of targeting individuals who are at risk of radicalisation. And even if it was, it would not - under principle - warrant such an infringement on our privacy.

Comments

CONVERSATIONS