Tuesday, 28 April 2009

Privacy concerns

So there isn't going to be a massive national database containing details of all our browsing history, emails and chatroom visits after all. Or is there? The Home Office yesterday launched a "consultation document" (pdf), and the abandonment of the £12bn scheme was the made headline. The document does indeed make this sound like a major - and unwelcome - concession, which implies that this and other aspects of the surveillance society have, at long last, made some sort of public impression, that privacy still matters to enough people to make a difference:


The Government has no plans for a centralised database for storing all communications data. An approach of this kind would require communications service providers to collect all the data required by the public authorities, and not only the data required for their business needs. All of this communications data would then be passed to, retained in, and retrieved from, a single data store. This could be the most effective technical solution to the challenges we face and would go furthest towards maintaining the current capability; but the Government recognises the privacy implications of a single store of communications data and does not, therefore, intend to pursue this approach.


Are we to take this at face value? Shami Chakrabarti seems quite happy, calling it "a clear signal that the public interest in personal privacy can no longer be ignored". The Conservatives' Chris Grayling claimed that "the home secretary appears to have listened to Conservative warnings about big brother databases" and added, "Now that she [Jacqui Smith] has finally admitted that the public don't want their details held by the State in one place, perhaps she will look at other areas in which the Government is trying to do precisely that."

Somehow I doubt it.

That said, I suspect the spooks will be disappointed that they won't - for the time being at least - have an expensive new toy to play with. Instead, they will make ISPs do the work - and bear some of the cost - of collecting, storing and collating all the information. This will be cheaper - a "mere" £2bn - at least to the taxpayer. The Independent suspects that it "could add millions of pounds to phone and internet bills" but people have a strange habit of not noticing such levies, or if they do, they blame the service provider. Provided the new scheme gives them what they want - unfettered access to the contacts and browsing habits of the entire population - this could be a win-win situation for the surveillance state. They will save money and be able to pretend that they care a fig for people's privacy. Even some privacy campaigners may be seduced by the appearance of victory.

We should be careful. A big, scary centralised database does at least present opponents with a target to aim at. By forcing companies to collect the data the government will achieve most of what it wants, but stealthily. Despite talk of safeguards, the proposal will enable almost any public body to build up a complete picture of anyone they choose, with little or not outside scrutiny. Even the minimal safeguard of needing authorisation from a magistrate or judge appears nowhere.

It will be slightly more cumbersome to access the material - but since the onus is put on the ISPs to collate the data all ready, that's hardly reassuring. Indeed, the ISPs are likely to, in time, demand a quid pro quo - for example using this fund of information for commercial purposes. It has recently emerged that the Home Office advised BT on ways to sidestep EU privacy safeguards when trialling Phorm. This sort of collusion is likely to increase if the new scheme goes through.

Elsewhere, the document gives the lie to the government's frequent claims that they are merely implementing EU directives - directives which, in any case, the Home Office campaigned for vigorously in Brussels. It states that "We also need to ensure that UK companies collect and store additional types of communications data about their own services, which are not included under the EU Data Retention Directive. This includes data that communication service providers do not generate or process about their services." It doesn't provide any coherent rationale as to why they need this capability.

Those who follow these matters closely realise that the apparent concession will do little to knock the snoopers off course. Says Henry Porter,

We should not be lulled into seeing this as change in the government's goal of knowing everything about every one of us. The civil servants behind the scheme have a very long horizon indeed – an agenda that is designed to survive cuts in public spending and any change of government.


Opponents of the surveillance state get used to accusations of paranoia. We are forever assured that only serious criminals or suspected terrorists have anything to fear. But the abuse of RIPA by local authorities demonstrates that intrusive surveillance is now the first resort of officialdom. Once this new system is up and running it will be too tempting not to use it wherever possible. Indeed, if its use were to be confined only to serious cases it would not justify either its cost or its scope and complexity. This document almost admits as much:

All the data retained by the communications service providers would continue to be accessible on a case-by-case basis to public authorities, subject to the same rigorous safeguards that are now in place.

"Rigorous safeguards". Is that, I wonder, intended to be a joke? Or is it merely cyncism?

(The consultation is addressed merely to service providers, though I hope millions take the opportunity to email communicationsdataconsultation@homeoffice.gsi.gov.uk)

8 comments:

Anonymous said...

The government is indeed being disingenuous when it claims it has backed down from keeping a single database - they are keeping just 2 databases. For IP (internet) traffic at least, regardless of which reseller you subscribe to, ultimately all data travels across either BT or Virgin's networks, as they own and operate the infrastructure forms the communications backbone of the UK.

RavingMad said...

The Guardian

the voice of and give voice to the fascists:

http://www.guardian.co.uk/commentisfree/libertycentral/2009/apr/27/surveillance-data-protection

John B said...

Note that the £2bn figure refers to the central database (ie the most expensive option discussed in the paper), not the 'slight tinkering with what already happens' option they're actually recommending.

Anonymous is wrong: mobile comms are a significant and growing part of Internet traffic, and also if your ISP uses LLU (ie if you don't pay a phone line subscription to BT even though you have a physical BT connection in your house), your traffic doesn't pass through BT's system in any sense relevant to the legislation.

The Heresiarch said...

As usual, John B, you take the apologists for Big Brother at face value. I would refer you to Michael Portillo's dictum, (Moral Maze, 11 Feb 2009):

I having been been in government have every reason for believing that the government routinely abuses the powers it has. It's not a matter of the last resort, it's the first resort. It isn't something that happens exceptionally, it happens all the time.

On the specific issue, you are wrong. The document states,

Initial estimates of the implementation costs of the range of options discussed above are up to £2bn.

First, this is just an "initial estimate": as we all know (or should) "initial estimates" are usually several times less than the final cost. Secondly, the central database is not one of the options discussed in the dossier, having been ruled out.

John B said...

The document outlines three options: I, single store; II, doing nothing; and III, middle way. It rejects I and II.

According to footnote 14, on £2bn figure:

14. These estimates cover all the options considered in this paper, except the ‘Do Nothing’ optionDefinitionally, that includes option I and option III, and not option II.

The Heresiarch said...

We clearly disagree on the interpretation of the word "considered". My reading of it -- supported by previous and widely-circulated estimations of £12bn for a complete database, as well as the interpretation given in all press reports -- is that that option was not "considered", since the document ruled it out. I re-read the applicable sections, just for you, and couldn't make sense of it any other way.

The Government does not intend to pursue an approach which involves storing all communications data required by public authorities in a single place under Government control.

I.e. it's not an "option".

WoollyMindedLiberal said...

"Apologists for Big Brother" you say. At least there is no mystery as to why people would quite correctly call you paranoid!

John B said...

Widely circulated by people who knew cock-all about it sticking their fingers in the air, perhaps.

The footnote explicitly excludes option II, which is also described as 'rejected'. Hence, the statement makes no logical or grammatical sense unless option I is included. I accept it's far from impossible that the government has issued a report that makes no logical or grammatical sense.