UPDATE ISPs Urge Caution as Cameron Tries 3rd Internet Snooping Revival

The UK Internet Service Providers Association (ISPA) has felt it necessary to respond after the Prime Minister, David Cameron, created another storm by using last week’s Charlie Hebdo terrorist attacks in Paris (France) as a basis to demand tough new Internet surveillance powers and, some believe, to call for a ban on the use of encryption.

It’s of course no secret that both the Labour and Conservative parties are keen to see a revival of the so-called Snoopers Charter, which seeks to expand the United Kingdom’s existing internet snooping laws (data retention) and force ISPs into logging a much bigger slice of everybody’s online activity (e.g. Skype access, Facebook chat logs etc.); irrespective of whether or not you’ve committed a crime.

Both parties have tried and failed to get related bills pushed into law. Labour called it the Interception Modernisation Programme (IMP), while the current Government tried again under the Communications Data Bill. Each time significant opposition was mounted, not least due to concerns over excessive costs, technical feasibility, data security, invasions of privacy and the usual inability of politicians to understand how the Internet actually works.

But in the land of politicians – if at first you don’t succeed, ignore all of the valid concerns and repeatedly try again. Ding, ding.. round three.

David Cameron said:

“In our country, do we want to allow a means of communication between people that even in extremis, with a signed warrant from the home secretary personally, that we cannot read? Up until now, governments have said no, we must not.

That is why, in extremis, it has been possible to read someone’s letter, to listen to someone’s call, to mobile communications. We have a better process for safeguarding this very intrusive power than probably any other country I can think of.

But the question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not. The first duty of any government is to keep our country safe. The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe.

The powers that I believe we need, whether on communications data, or on the content of communications, I feel very comfortable these are absolutely right for a modern, liberal democracy.”

Some have interpreted Cameron’s words, especially his remark, “are we going to allow a means of communications which it simply isn’t possible to read“, as an indication that the Government wishes to ban encryption for secure communications. But in our view this is the wrong interpretation, not least because it would be virtually impossible to ban (encryption is a vital service and without it you don’t have credit card payments, secure trading or security full-stop). Encryption is almost everywhere, whether you’re aware of it or not.

You’d have better luck banning water from the sea, although we rather prefer Adrian Kennard’s (MD of AAISP) example, “If you take what he has said literally it would mean whispering to your partner in bed would be illegal in case the government planted microphone could not pick up what you said.”

The language of political speak is nothing if not ambiguous and with that in mind it’s our view that Cameron was expressing a more general desire to snoop on all of your online communications, with the option of being able to read (not ban) encrypted communications (so, a little better, but still bad). But at the same time some of his language is also at odds with the often repeated claim that none of the powers would involve the content of a communication (i.e. what you say or write).

Mercifully those with a degree of common sense, such as the ISPA, have waded in to urge caution. After all, recent Governments have developed a rather nasty habit of creating legislation for a complex technology that they often don’t appear to understand.

Nicholas Lansman, ISPA Secretary General, said:

“As calls are made for new wide-ranging internet surveillance powers following the horrific events in Paris, ISPA is concerned that politicians are taking the easy way out by demanding greater surveillance powers without explaining how they can effectively help to prevent future terrorist incidents and without giving proper consideration to valid concerns about civil liberties and the impact on business in the UK.

It has been reported that those responsible for the terrorist attacks were known to the security services. Existing legislation already allows for suspects’ communications to be intercepted via a warrant, and the retention of communications data, which is already being retained in the UK, would also have been available to the intelligence services and the police under the existing RIPA process. While the draft Communications Data Bill would have provided access to broader data set, it is questionable whether it would have helped to prevent the incidents in Paris and the industry and UK citizens should be provided with a clear justification for why the Bill is needed now.

Restricting the use of encryption and encrypted communication, as suggested by the Prime Minister, further risks undermining the UK’s status as a good and safe place to do business. In the wake of an increasing number of cyber-attacks and Government initiatives to raise the awareness of cyber risks, encryption is widely accepted as a key measure to do business safely online. Business, individuals and governments around the world rely on encryption to carry out everyday tasks and services, forcing companies to weaken encryption measures would weaken protection against cyber criminals, foreign intelligence agencies and others.

ISPA accepts that the communications landscape is changing but an independent, Government-commissioned review is being led by David Anderson QC into investigatory powers. This is the sort of considered and informed process, listening and involving the various stakeholders, that we hope will inform and develop policy in this area. The review is set to report before the election and we are concerned that politicians have pre-judged the review and will ignore its conclusions.”

As usual the devil is in the detail and right now we don’t have any of that. Plus with a General Election coming up in May 2015 there’s virtually no chance of getting a bill through before the next parliament, although that never stopped the basket case Digital Economy Act 2010 from being pushed through to tackle online piracy and five years on it still hasn’t been fully implemented.

On top of that the most vocal opponents of a new Snoopers Charter, the Liberal Democrats, appear to be losing voter share and that means less opposition for the Conservatives and Labour to worry about. Meanwhile UKIP haven’t taken a clear position and continue to focus more on matters of immigration.

Somewhere along the line both of the big parties appear to have forgotten that technologically literate people do, sometimes, vote and also live in the United Kingdom. Hopefully the Government don’t attempt to ban encryption, but if they do.. well we’ll probably see you all again at the 4th revival in 2020.

UPDATE 16th Jan 2015

The boss of AAISP, Adrian Kennard, has published a simple video that roughly explains how any child can send secret messages that the government cannot decode. The purpose is of course to highlight the futility of the Government’s position.