‘The UK now wields unprecedented surveillance power‘ was stated in today‘s The Verge. As put by a publicist James Vincent, ‘The UK is about to become one of the world‘s foremost surveillance states, allowing its police and intelligence agencies to spy on its own people to a degree that is unprecedented for a democracy.‘
Are words of Edward Snowden that it‘s ‘the most extreme surveillance in the history of western democracy‘ as exaggerated as calling the Investigatory Power Bills project ‘worse than scary‘? Privacy of British citizen is hanging on a thread as the only thing lacking for the project to come into law is the royal assent.
It not only makes the UK‘s programme of global surveillance that gathers communications data from the whole world legal, but also introduces new powers for the domestic government, like creating a governmental database with data on web history of every citizen. What are the consequences of the controversial Powers Bill?
To what extent is the web history going to be monitored?
Every person could be surveilled and the government would have information not only on all visited websites but also application installed on mobile devices and metadata concerning calls.
As explained in The Verge, ‘this information is known as internet connection records, or ICRs, and won‘t include the exact URL of each site someone visits, but the base domain‘. To illustrate this, the government wouldn‘t know which subpages you visited on www.detective-store.com but it would get info concerning the domain and how much time you spent on it.
Would that make searching for criminals safer?
Internet providers and mobile network operators are supposed to store this data for 12 months, so that the authorities could trace them using a search engine with special request filter that limits amount of answers for a search request. Interestingly, it‘s noted that currently the government receives more pieces of information from providers of an electronic communications service that is needed. It also presents a case study that may raise some doubts:
‘Public authorities will sometimes need to make complex queries. For example, they may need to ask multiple communications service providers for data to identify an unknown person suspected of having committed a crime at three different places at different times. This means the public authority may acquire a significant amount of data relating to people who are not of interest. The request filter will mean that when a public authority makes such a request, they will only see the data they need to.‘
The exact mechanism of the search engine is yet unknown. If it allows for filtering visits to a website and then filtering by users who visited it on a given date and time, it means that the government, just to start with, gains access to all data straightaway. The Verge stresses that ‘it will be easy to tie browsing data to individuals‘. Moreover, firstly data is gathered, then potential perpetrators are to be searched for. This gives way to abuse and malpractice.
Intrusion of privacy without a court order?
People wouldn‘t even know that they‘re being spied on by the police having access to data concerning their online activity. It‘s to be managed by a specially trained police chief who will reject or accept the requests. This law will make surveillance of citizens common and, as a result, will let us sleep safe and sound, as the vigilant eye of the government sees everything, and I mean EVERYTHING, from idle Facebook browsing to visiting porn websites – some perceive this as a good joke, but it‘s rather a bad one.
How is this connected with Snowden and the Smurfs?
The Investigatory Powers Bill introduces solutions revealed by Snowden, namely gathering global metadata and hacking into private computers. Listening to conversations or reading others‘ messages would become an everyday thing. Plus destroying files, deleting or sending documents, sending fabricated messages – simply taking control over somebody‘s device.
It is said that hacking into devices will require a warrant from the Secretary of State and judges and will only be used in case of threat to national security or serious crimes, but does this make you feel less anxious?
The project assumes two types of ‘equipment interference‘, as it was aptly phrased. Law enforcement could gain data from phones or private computers, but also interfere with equipment of larger groups. The latter is only authorized for special agencies to be used outside the UK. Two examples were given: if in order to prevent a terrorist attack, every phone and computer in a city would need to be hacked into – it would be. If there is a threat of totalitarian state or developing a biological weapon, the government could, for example, entirely take over internal e-mail system.
In order to prevent your mobile phone from being hacked Detective Store offers a solution such as encrypted mobile phones, which allow for discreet communication. As per the Verge, these actions may entail using malware used by hackers, charmingly referred to as The Smurfs. ‘‘Nosey Smurf‘ activates a device‘s microphone to record conversations; ‘Tracker Smurf‘ hijacks its GPS to track location in real time; while ‘Dreamy Smurf‘ allows a phone that appears to be off to secretly turn itself on.‘
Possible abuse of right?
The article quotes a professor of security engineering from Cambridge University who presents a gloomy perspective. He gives an example of a UK police chief ‘wanting to stem knife crime, and asking the government to force Google to get data from Android smartphones. ‘The point is that it‘s possible. Perhaps the government has given some private assurances to these companies [that it won‘t happen], but we know from long experience that such private assurances are not worth the paper they‘re not written on‘.‘
The end of data encryption?
The government is to be granted new rights allowing for interfering with service encryption of private companies operating in the UK. The companies may be forced to decrypt data on demand, on a small scale, and if it‘s ‘practicable‘. The lack of precise wording constitutes a threat that the government may demand user data decryption (as it is ‘practicable‘), but the company refuses as it may constitute a global risk for their users. On the other hand, such refusal may be penalized‘
Does the British government thinks that its citizens do not care about privacy?
The Verge points out the statement of Jim Killock, the executive director of the Open Rights Group, that ‘the government won‘t be able to get all of the data all of the time‘, however, ‘they‘re not expecting most people to bother to protect their privacy.‘ So they will not bother to search for other solutions, like using Virtual Private Network (VPN), preferably from a non-UK provider ‘ is that a na‘ve or realistic approach?