by Rob Harding
Just a heads-up: The government knows you’re reading this.
Literally. Amidst the endless torrents of nonsense spewing from the ongoing Brexit negotiations (update: Theresa May throws up hands, announces ‘Fuck it all, God will sort it out’) and the dawn of a new chapter in the great story of democracy, the government the British people did not elect and didn’t really ask for passed some of the most intrusive legislation a British government has ever passed. The Investigatory Powers Bill, also known as the ‘Snooper’s Charter’, is due to be signed into law in a couple of weeks, and it manages what can only be called a very British Government feat in being both poorly-worded and terrifying.
The bill ‘sets out the extent to which certain investigatory powers may be used to interfere with privacy.’ It demands that
1. Web and phone companies (CSPs or ISPs) will be forced to store records of websites visited by every single customer for access by a laundry list of police, security services and random government departments.
2. Security services will be legally empowered (not like they weren’t doing it anyway) to bug computers and phones upon approval of a warrant. Companies will be legally obliged to assist these operations and bypass encryption where possible.
3. Security services (Let’s stop calling them that. They don’t serve us or make us more secure, especially not now) will be able to acquire and analyse bulk collections of communications data.
To start with, let’s ignore the fact that this is a huge intrusion of privacy that’s ripe for abuse at every level and go for the holes in this law. Considering uses of these powers that are solely to catch terrorists and serious criminals, the bill doesn’t state how the government is going to force companies, particularly foreign companies (like Google) to disclose or store this information. Will these companies get anything in return for doing a lot of the government’s legwork for them, or storing the presumably vast amounts of data this bill requires them to keep? More to the point, as people have pointed out, this law isn’t exactly hard to get around. Anyone who’s serious about doing foul deeds online will be three steps ahead of the powers this law grants already.
The debate in parliament reached the point of considering whether it would be possible to remove troublesome encryption that would stop the government viewing your search history altogether – short version: No. As anyone with any communications security knowledge will tell you, there’s no such thing as a backdoor that only the government can use, and there are millions of potential hackers out there who’d just love the security flaws that this would create. We’re not big on corporate shilling here at the Radical, but here’s a quote from Apple submitted to the committee last December. If nothing else, if the British government thinks it can force Apple to do anything it’s got another thing coming. Bigger spooks have tried.
Secondly, the number of agencies that have access to this data is staggering. I can understand why the vaguely named ‘Security Service’ and ‘Secret Intelligence Service’ might want to know why I’ve been visiting ‘https://bombsforbeginners.isil’, but why the hell do the Royal Navy Police, the Competition and Markets Authority, the Food Standards Agency, the HSE, the Northern Ireland Ambulance Service Health and Social Care Trust and the fire service (among others) need to be looking over my shoulder as well? What possible benefit could the NHS Business Services Authority gain from seeing which forums I visit and what I’m buying my mum for Christmas?
And while the information is theoretically only available to senior officers, whoever thought that one up is clearly unaware of the old ‘give the intern the password so they can run the Twitter account’ gambit, not to mention the national institutions that are Leaving Laptops on Trains and Taping Your Password To Your Monitor. That’s leaving aside the more sophisticated intrusions that IT systems are prone to, especially ones holding vast amounts of potentially valuable data. To quote one of my favourite authors: ‘Didn’t they know that the only unhackable computer is one that’s running a secure operating system, welded inside a steel safe, buried under a ton of concrete at the bottom of a coal mine guarded by the SAS and a couple of armoured divisions, and switched off? What did they think they were doing?’
the number of agencies that have access to this data is staggering
That’s what really concerns me about this system. Not the potential for state-sanctioned snooping, because I realise that I am a very small fish in a very big sea and the chances of GCHQ coming after me are pretty tiny unless I am actually committing a crime. The potential for abuse, either from within the government or outside it. What if some Russian script kiddie gets into the system, sees that I’ve been here and threatens to send this information to all my co-workers unless I pony up $200? What if some irritating little sod from America sees that I’ve visited ‘http://www.ditchthelabel.org/8-tips-for-coming-out-as-trans/’ and decides to out me? Not to mention that this will make watching perfectly legal pornography an endeavour fraught with peril and the risk of your browsing habits popping up on your boss’s monitor the next morning. The potential for blackmail is staggering, and you’d better believe people are taking notice.
And even if the system works as it’s supposed to and the government somehow builds a walled fortress not even Vladimir_Putin1@hotmail.ru and his entourage can’t break in to, that still means that the government has decided that it’s allowed to go through any citizen’s search history (unless they’re an MP), and gone to desperate lengths to do so. Combined with recent legislation intended to block ‘unconventional’ pornography (which includes female ejaculation, sexual acts in public and ‘insertion of more than four fingers into an orifice’ – imagine the committees that decided that one) and the relentless (and futile) desire to control the internet that the government has repeatedly demonstrated, it seems like May and her merry unelected men are continuing their efforts to tame the still fairly new digital frontier, regardless of the damage they do along the way or the utter futility of their cause. The pornography laws in particular are either weirdly specific or actively damaging in that they criminalise the depiction of acts that are entirely legal for consenting individuals while distracting attention from the genuinely dangerous material that’s out there.
May and her merry unelected men are continuing their efforts to tame the still fairly new digital frontier
So what can be done about this? The bill hasn’t gone through yet, and privacy watchdogs are already planning to sue. Sign this, write to your local MP, the usual safeguards. These folks seem to have the right idea. Failing that, wait a few months, then visit these websites repeatedly, along with the best selection you can find of Theresa May erotic fanfiction. There’s every likelihood that this bill will pass given the psychotic determination of the current government to impose it in the name of ‘security.’ If they’re going to do it, let’s make life difficult for them.
Featured image © Oli Scarff; Getty