Article by Trevor Timm
The United Kingdom’s Prime Minister David Cameron and the Interior Ministry were recently forced to defend a sweeping wiretapping proposal, which would aim to monitor every single email, text message, and phone call flowing through the whole country.
The proposal would likely force all UK Internet Service Providers (ISPs) to install “black boxes” on their systems that use Deep Packet Inspection (DPI) technology, which would give authorities access to all communications data without a warrant or any judicial oversight.
Law enforcement would have access to IP addresses, email addresses, when you send an email, to whom you send it, and how frequently—as well as corresponding data for phone calls and text messages. The government has claimed this proposal is needed to fight “terrorism and serious crimes,” but of course, it would be available to law enforcement for all purposes.
As the Washington Post reported, many privacy advocates in the UK say, “the move would intrude so deeply into the lives of British citizens that it would rival or exceed measures used by totalitarian governments.” While there’s still no public draft of the proposal, the government insists that law enforcement will not have access to the content of communications; however, retaining all other identifying information can easily reveal vast troves of information about a user’s private life.
Mathematician and security researcher George Danezis ":
Basically you can think of blanket traffic data retention and access as having a policeman following you around 24h a day / 7 days a week, and making notes about where you have been, what you have looked at, who you are talking to, what you are doing, where you are sleeping (and with whom), everything you bought, every political and trade union meeting you went to, … – but not actually hearing any of the conversation or seeing what you wrote. Traffic data provide an X-ray of your whole life, and the policy suggests they should be available to law enforcement and the intelligence services without any judicial oversight (only political review or police oversight)."
Unfortunately for the UK government, a lot of popular email and social media services, like Google and Facebook, use SSL encryption to protect their users' data, so the government may not be able to access the information through DPI. Under this proposal however, Google and Facebook would be forced to comply with every data request.
In the UK, user data—such as IP address and contact information—already has relatively weak protection. Under the Regulation of Investigatory Powers Act, law enforcement can get user data on a case-by-case basis from UK-based Internet Service Providers (ISPs) “upon request.” ISPs cannot challenge the request. But as Privacy International explains, the new proposal would also put non-UK based services like Google and Facebook under this regime, forcing them to comply with any request, regardless of its validity.
Currently, Google only provides data to governments when the request “complies with both the spirit and the letter of the law.” If not, Google says will refuse to hand over user information to the government. For example, according to Google’s Transparency Report, from January-June 2011 last year, they received 1,279 user data requests from UK authorities and refused to comply with 37%. Under this proposal, that number of refusals would drop to zero.
In addition to the massive encroachment on privacy, the new proposal has many security risks and potential for further abuse, as Privacy International has laid out in this helpful FAQ. While government advocates insist such an expansive bill is required to stop “terrorism” (a familiar refrain), Privacy International explains:
“In a terrorism investigation, the police will already have access to all the data they could want. This is about other investigations - it is about the millions of requests made every year by local law enforcement and other authorities in the investigation of serious—and less serious—crime.”
In an ironic twist, a similar plan was shot down in 2006 by a minority coalition of Liberal Democrats and Conservative party members, some of whom now make up the ruling party that has put forth the new proposal. Thankfully, other members of Parliament are speaking up. Conservative lawmaker David Davis remarked, “It is not focusing on terrorists or criminals. It is absolutely everybody…This is an unnecessary extension of the ability of the state to snoop on ordinary innocent people in vast numbers.”
EFF stands with the diverse group of civil liberties organizations, privacy advocates, and ordinary citizens of the UK in opposing this truly Orwellian law.
Cross-posted from Electronic Frontier Foundation