The Surveillance Debate - Shaken But Not Stirred

Yvette Cooper was a member of ISC, the Intelligence and Security Committee from 1997-1999, so although not a Bond girl, she knows very well how to shake surveillance discussion up and where the skeletons of the oversight are to be found.

James Bond girls are not cast for their bravery, as the size of their bikini seems to be more vital, but M (or rather Dame Judi Dench) is seen an example of a tough female character, admired for her courage and unflinching nature in the face of the most vicious of enemies. Our very own M, Baroness Manningham-Buller, former Director General of the Security Service, in her Reith Lectures in 2011 noted that "there is not liberty without security. The first human right listed in the European Convention of Human Rights is the right to life; the third is the right to liberty and security."

As we arrived in the 21st century, with its rapid progress of technological change affecting every aspect of our lives, it became pretty clear that we needed to review in great detail where we are on both of those concepts and if they are indeed related in the way that the Baroness was trying to ascertain - hers was a nuanced comment, buying support for an 'end justifies the means' approach, quietly preferred by our security agencies.

Not many senior politicians are prepared to go anywhere near that debate at the moment. The Prime Minister, his Deputy, the Home and Foreign Secretaries being conspicuous by their absence from the post-Snowden discussions, as pointed out by Yvette Cooper in a recent speech

Therefore, it was refreshing to see a female MP, and a well-briefed one too, shaking the shadowy political consensus and kicking off the debate on what we should have been discussing vigorously since June 6th 2013.

Yvette Cooper was a member of ISC, the Intelligence and Security Committee from 1997-1999, so although not a Bond girl, she knows very well how to shake surveillance discussion up and where the skeletons of the oversight are to be found. Although during her speech she politely acknowledged the "dedication" of intelligence agencies, she also noted that they very much do as they please as the oversight system of the security agencies at the moment is suboptimal.

Retired judges who are Commissioners are only interested in narrow interpretation of compliance, few people know who they are or what they do. The overseeing folks are as much in the shadows as the agencies themselves. We need to get this fixed and look in detail at the roles, selection and processes for oversight staff, as they need to not only represent people but also rebuild trust in how the balance of liberty and security actually reflects what the voters want to see.

Cooper's speech also called for a review of RIPA, as the pace of digital change has recently been so frenetic that not much today is looking as it was in 2000 as a result of the digital tornado. In addition, she called for a crowd-sourcing solution on the balance between security and liberty via opening a public debate on the role of the security agencies, in order to ensure that "the digital age serves the public and our democracy, and not the other way round". Why did it take so long for a senior politician to say those words and address the impact of Snowden's revelations?

This is a timely call, since following the over-reach of security agencies as well as commercial companies' aggressive acquisition of our data, the public is getting increasingly anxious about being attacked on their electronic devices simultaneously by two forces: the state and commercial online companies. We argued that, for the consumer, both the state and commercial companies are seen as part of the same threat, and abuse by one of them is transferring a loss of trust to the other perpetrator, despite the attempts by businesses to try to distance themselves from the surveillance debate. For the public it is simply the same issue, of personal privacy infringement, liberty and civil rights.

Teenagers have already voted with their feet by moving from Facebook to Snapchat to avoid privacy issues and being snooped on by both security forces and business busybodies. Snapchat does not hold data, and the image captured disappears after a few seconds. I wish that were the case with many other instances of our data left online.

Yvette Cooper's international perspective and specifically her comment that Britain is only a part of the much larger picture is a very apt one. On its own, the UK is not likely to be able to re-balance surveillance and data protection issues, considering that the worst examples of or risks to personal data privacy is coming from USA-based commercial companies and the NSA.

As the speech suggested, the answer has to be in the international approach, using the EU for what it was created to do, which is to provide a unified voice in developing legislation protecting its citizens against the violations caused by other countries. And we must not forget the origin of the violation of our civil rights, as pointed out by Caspar Bowden in the House of Commons summary in October 2013. He stated that the USA legislation of FISA (the Foreign Intelligence Surveillance Act 1978) specifically allows their security agencies to capture and retain data from foreigners, while their own citizens enjoy at least a degree of protection from the NSA in terms of access to their personal data. We in the EU, however, do not enjoy that protection.

However, Cooper did not mention that it is also important to bear in mind that EU is not homogenous on the issue. Holland and Germany, particularly since Chancellor Merkel discovered her phone had been tapped, have taken a very strong view that the only solution to NSA hyperactivity is to introduce the Balkanisation of the Internet and create a separate network in Germany, possibly an EU network, and possibly without increasingly distrusted Britain.

Germany perceives the UK as a part of the NSA apparatus. It not only dislikes the UK's stand but also actively distrusts David Cameron, and is already building a serious plan to separate their electronic ways from the UK and the Americans. Holland is likely to follow, while France, Estonia and Iceland have made noises that they are looking at the feasibility of those solutions for exactly the same reasons. Therefore, the UK is not really on the same page as the EU, and is not likely to get a serious place on the negotiating table as long as our own internal debate, the re-engineering of oversight and calling security agencies to heel is not in place.

Our London MEPs, Sarah Ludford, is not helping the reputation of the UK in the EU. She is consistently seen as batting for the NSA in the discussions, even alleging that Snowden had sinister motives beyond whistleblowing when he revealed the leaks. Sarah I-don't-pay-my-intern Ludford has a record of putting her foot in it and we can only hope that her local electorate is paying attention and will express their view in May 2014 at the next MEP elections.

In addition, it did not help that Conservative MP (and MEP) Tim Kirkhope argued against allowing Snowden to provide video evidence to an EU session that aimed to examine the details of the security agencies' surveillance actions. Although MEPs like Ludford argue for the UK to stay in the EU, she and Kirkhope are also making the UK look increasingly distanced and distrusted by their continental partners. Even worse, their actions have no clear mandate, as the UK's internal debate on liberty and security has barely even started. The coming MEP elections in May 2014 will be an opportunity to flesh out what damage is being done by current MEPs who only perpetuate the German perception that the UK backs the Americans at all costs.

At the moment UK is not likely to be considered as anything but a problem in the development of EU protection laws against personal data invasion and excessive surveillance practices. Negative aspects of that framework, Balkanisation and its limiting impact on the Internet were discussed at a recent Cybersalon public debate by Becky Hogge and James Bell.

Yvette Cooper also argues for the role of law and believes in its transformative force on the oversight process. However, many voices have questioned that belief, most recently Evgeny Morozov in a recent analysis of the situation. His observation is that the law debate has gone nowhere, due to the lack of transparency within the EU lobby process, and that it is taking the security and liberty debate away from the mainstream. His view is that nothing helps to focus the minds of security agencies like money.

Therefore, if we moved toward end-to-end personal encryption, making the NSA and GCHQ's work a lot more expensive, they would need to reconsider their blanket surveillance and the current, relatively cheap dragnet approach. Perhaps this would cause us to end up in a better place in terms of the selectivity of really proven cases, i.e. not retaining data for on everyone just because they can.

End-to-end encryption is increasingly popular in Germany, and has also recently come to the fore in the UK, where CryptoParties are very popular on campuses and beyond. By providing workshops on basic cryptography, young people are coming to consider it as a way forward to protect themselves and their data. However, I have been on the Internet since 1986 and agree with the recent response on this topic by social media expert Wessel van Rensburg, who argues that the advantage of a global, un-Balkanised, non-encrypted Internet is the serendipity of being able to meet new people, forging new links, sharing knowledge widely and linking up with new "soul brothers and sisters" in cyberspace.

Cybersalon's research on Google Glass has shown that despite the appearance of Glass being a surveillance tool, in fact the reverse is true, as the Glass community is being forged from a bunch of perfect strangers to form a close collaboration group and turn them into colleagues who work together on particularly promising areas of endeavour to attempt to solve problems like dyslexia and other visual disabilities. So far, the Internet being open has been extremely efficient in providing that ability to support open collaborations and improve the speed of sharing knowledge with just the right people, thus killing distance and building working networks between people from all over the world.

However, Yvette Cooper backed the government excuse that any debate about the security agencies operating online is unhelpful, as it "undermines its effectiveness ... When Bletchley Park started in WWII, no one wanted the Axis forces to know our capability at code breaking". Andrew Parker, the head of the Security Services has commented that "the reason why things are secret is not because we want to keep them from the public, it is because we want to keep them from the terrorists, spies and proliferators".

In response to those justifications, those of us who work in the technology sector and specifically in cybersecurity must come clean and clarify where the land lies on those excuses, and that excuses they are. Bletchley Park was in a different era, where the spy networks were composed of real spies, physical people operating in in the shadows in foreign countries and sending information in physical ways.

What needs to be understood by the general public is that what is engineered can be reverse-engineered. The software packages that do the dirty work of surveillance provide plenty of crumbs that can be used to work out the rules of the software. In fact, today the surveillance software is often adopted from commercial software, or is just a fraction ahead of what we would do on a daily basis in digital marketing data analysis.

Eric King, from Privacy International, kindly shared with a few of the 'top notch' packages from spy-land. It was clear that the analytics applied in those packages were just a little bit more specialised and with a fractionally better interface to make the spooks work faster; however, it didn't offer much that we would not have already done in the realm of commercial data analysis. The difference to what most of us would work with on a daily basis in the commercial environment was the sheer scale of data collection, storage and retention for extremely long periods of time of data on practically everybody in the country and often far beyond the UK.

That is where the cash goes, and that is why the funding to the NSA and GCHQ is growing exponentially. We are generating so much daily data that not only does it take probably hundreds of coal-mining companies in China to provide the power for the giant server farms, but it also creates engineering challenges at every level in terms of how to deal with such a daily Niagara Falls of data deluge.

However, none of this is a reason to avoid a debate about the processes applied by security agencies.

Nobody cares how the security agencies deal with the scale; it's just an engineering issue and debating that openly would not give the terrorists any advantages. No doubt they have good engineers at their end too, plus their own server farms.

Both the technical sector in the UK and the enemy can see what is being captured, as on the Internet everything is visible and easy to reverse-engineer if you put your mind to it. What we do care about is why so much indiscriminate data is captured. Why suddenly, over a period of a few years, have we moved from the security agencies having to ask for data capture on an individual to just grabbing the whole datastream from every single man, woman, teenager and child just because it's now cheap and possible?

Why does the UK appear to be serving American requirements while FISA discriminates against UK citizens, all the while protecting US ones? Why do we have to apologise when in Europe, when my German friends and Dutch colleagues perceive us as envoys from the Dark Force Empire? It does not have to be that way, but for the above to change a public debate led by senior government politicians is a must. It is not enough to issue a quiet call for a public submission to the Parliament, we need this topic to be led by Prime Minister and run on the front pages of the mainstream newspapers and on BBC.

As Jamie Bartlett from Demos noted, discussing the great-commercial-data-robbery, "some analysts estimate that we are each giving away up to £5,000 worth of data every year". In fact, it is likely to be about £10,000 per head given away yearly to the security agencies, as it would cost about that much to de-crypt all of our communications if we all used end-to-end encryption. Unless there is a proper debate on security and liberty in the UK our only way forward is to build an individual crypto-wall and make it so expensive to collect our data that it will be seen as an unattractive means to a very uncertain end.

We will don't want to be watching our Internet falling into a Balkanised mess, which will happen for sure if the UK and Germany do not see eye-to-eye on the USA's and FISA's unfair treatment of EU citizens. Tim Berners-Lee has called for a global digital Magna Carta to protect the online users and to stop the balkanisation of the Internet. Let's hope his voice will be heard.

Meanwhile, it would be reasonable to expect each of the parties to make their position on surveillance crystal clear in their manifestos, at which point the debate can truly begin. Local and MEP elections are on May 22nd and Yvette Cooper has ensured that the surveillance debate in the UK is at least shaken, if not stirred. Register to vote, write a letter to your MP and watch the MPs scuttle for cover. I would prefer this debate to be live on BBC, with Twitter feed to #MagnaCarta hashtag and a Facebook page to support. But till we get to the point of modernising the way we debate in the digital era, there is nothing like an election to focus the minds and bring even the most reluctant Prime Minister to the bar for a debate... although, as it turns out, he prefers a dark Guinness to a Martini. I should have guessed that.

Before You Go