So there isn't going to be a massive national database containing details of all our browsing history, emails and chatroom visits after all. Or is there? The Home Office yesterday launched a "consultation document" (pdf), and the abandonment of the £12bn scheme was the made headline. The document does indeed make this sound like a major - and unwelcome - concession, which implies that this and other aspects of the surveillance society have, at long last, made some sort of public impression, that privacy still matters to enough people to make a difference:
The Government has no plans for a centralised database for storing all communications data. An approach of this kind would require communications service providers to collect all the data required by the public authorities, and not only the data required for their business needs. All of this communications data would then be passed to, retained in, and retrieved from, a single data store. This could be the most effective technical solution to the challenges we face and would go furthest towards maintaining the current capability; but the Government recognises the privacy implications of a single store of communications data and does not, therefore, intend to pursue this approach.
Are we to take this at face value? Shami Chakrabarti seems quite happy, calling it "a clear signal that the public interest in personal privacy can no longer be ignored". The Conservatives' Chris Grayling claimed that "the home secretary appears to have listened to Conservative warnings about big brother databases" and added, "Now that she [Jacqui Smith] has finally admitted that the public don't want their details held by the State in one place, perhaps she will look at other areas in which the Government is trying to do precisely that."
Somehow I doubt it.
That said, I suspect the spooks will be disappointed that they won't - for the time being at least - have an expensive new toy to play with. Instead, they will make ISPs do the work - and bear some of the cost - of collecting, storing and collating all the information. This will be cheaper - a "mere" £2bn - at least to the taxpayer. The Independent suspects that it "could add millions of pounds to phone and internet bills" but people have a strange habit of not noticing such levies, or if they do, they blame the service provider. Provided the new scheme gives them what they want - unfettered access to the contacts and browsing habits of the entire population - this could be a win-win situation for the surveillance state. They will save money and be able to pretend that they care a fig for people's privacy. Even some privacy campaigners may be seduced by the appearance of victory.
We should be careful. A big, scary centralised database does at least present opponents with a target to aim at. By forcing companies to collect the data the government will achieve most of what it wants, but stealthily. Despite talk of safeguards, the proposal will enable almost any public body to build up a complete picture of anyone they choose, with little or not outside scrutiny. Even the minimal safeguard of needing authorisation from a magistrate or judge appears nowhere.
It will be slightly more cumbersome to access the material - but since the onus is put on the ISPs to collate the data all ready, that's hardly reassuring. Indeed, the ISPs are likely to, in time, demand a quid pro quo - for example using this fund of information for commercial purposes. It has recently emerged that the Home Office advised BT on ways to sidestep EU privacy safeguards when trialling Phorm. This sort of collusion is likely to increase if the new scheme goes through.
Elsewhere, the document gives the lie to the government's frequent claims that they are merely implementing EU directives - directives which, in any case, the Home Office campaigned for vigorously in Brussels. It states that "We also need to ensure that UK companies collect and store additional types of communications data about their own services, which are not included under the EU Data Retention Directive. This includes data that communication service providers do not generate or process about their services." It doesn't provide any coherent rationale as to why they need this capability.
Those who follow these matters closely realise that the apparent concession will do little to knock the snoopers off course. Says Henry Porter,
We should not be lulled into seeing this as change in the government's goal of knowing everything about every one of us. The civil servants behind the scheme have a very long horizon indeed – an agenda that is designed to survive cuts in public spending and any change of government.
Opponents of the surveillance state get used to accusations of paranoia. We are forever assured that only serious criminals or suspected terrorists have anything to fear. But the abuse of RIPA by local authorities demonstrates that intrusive surveillance is now the first resort of officialdom. Once this new system is up and running it will be too tempting not to use it wherever possible. Indeed, if its use were to be confined only to serious cases it would not justify either its cost or its scope and complexity. This document almost admits as much:
All the data retained by the communications service providers would continue to be accessible on a case-by-case basis to public authorities, subject to the same rigorous safeguards that are now in place.
"Rigorous safeguards". Is that, I wonder, intended to be a joke? Or is it merely cyncism?
(The consultation is addressed merely to service providers, though I hope millions take the opportunity to email firstname.lastname@example.org)