Link

Emergency surveillance bill clears Commons

Emergency surveillance bill clears Commons:

This ‘emergency’ follows the European Court of of Justice finding that mass data retention laws in Europe are illegal. In response, the UK government is passing a localized data retention and surveillance bill.

Significantly, the government has stated that:

The government has insisted the ruling throws into doubt existing regulations, meaning communications companies could begin deleting vital data. Ministers claim the bill only reinforces the status quo and does not create new powers.

At issue is that the existing status quo has been deemed illegal. And yet, in response, Parliament has decided to pass more – still illegal – legislation. And so civil liberties groups will bring this into court, spend years fighting, only to have the legislation overturned. And after which, government will likely pass similar, still illegal, legislation. And the wheel of politics will turn on and on and on…

Quote

At a more domestic level, UK communications providers are worried that they could be exposed to legal action because of the unlawful mass surveillance that they were party to – even though on the whole they wanted no part of it.

Well, more precisely, many comms providers wanted no part of it unless the government picked up all the costs (older readers familiar with US law may recall the CALEA legislation that forced communications companies to make their technology wiretap friendly – with much the same response from companies).

There is a view that if the liability for unlawful surveillance rested entirely with the government, there would be no appetite for this legislation. Britain long ago elevated its institutional vandalism of EU legal rights from a science to an art, and then to a sport.

* Simon Davies, “ Britain takes the Uganda Road to legalise and extend state surveillance”
Quote

In the UK, the public, press, and politicians vigorously debated the Communications Data Bill, a law that would require ISPs and telecommunications providers to keep metadata records for 12 months (as of this writing, the bill has been withdrawn). The US had no discussion of such a bill; something more draconian simply happened through a secret interpretation of the law.

* Susan Landau, “Making Sense from Snowden
Quote

Although some of the core supporters of that group are prone to violence and criminal behaviour, Catt has never been convicted of criminal conduct in connections to the demonstrations he attended. Nonetheless, Catt’s personal information was held on the National Domestic Extremism Database that is maintained by the National Public Order Intelligence Unit. The information held on him included his name, age, description of his appearance and his history of attending political demonstrations. The police had retained a photograph of Mr Catt but it had been destroyed since it was deemed to be unnecessary. The information was accessible to members of the police who engage in investigations on “Smash EDO”.

In the ruling the Court of Appeal departs from earlier judgments by mentioning that the “reasonable expectation of privacy” is not the only factor to take into account in determining whether an individual’s Article 8 (1) right has been infringed. In surveying ECtHR case law, the Court noted that it is also important to check whether personal data has been subjected to systematic processing and if it is entered in a database. The rationale to include consideration of the latter two categories is that in this way authorities can recover information by reference to a particular person. Therefore, “the processing and retention of even publicly available information may involve an interference with the subject’s article 8 rights.” Since in the case of Catt, personal data was retained and ready to be processed, the Court found a violation of Article 8 (1) that requires justification.

The removal of Mr. Catt’s data from these databases is a significant victory for him and all those involved in fighting for citizens’ rights. However, the case acts as a clear lens through which we can see how certain facets of the state are actively involved in pseudo-criminalizing dissent: you’re welcome to say or do anything, so long as you’re prepared to be placed under perpetual state suspicion.

Link

This is not surveillance as we know it: the anatomy of Facebook messages

There are a lot of issues related to ‘wiretapping the Internet.’ A post from Privacy International, from 2012, nicely details the amount of metadata and data fields linked with just a Facebook message and the challenges in ‘just’ picking out certain fields from large lists.

As the organization notes:

Fundamentally, the whole of the request to the Facebook page must be read, at which point the type of message is known, and only then can the technology pretend it didn’t see the earlier parts. Whether this information is kept is often dismissed as “technical detail”, but in fact it is the fundamental point.

We should be vary of government harvesting large amounts of data and then promising to dispose of it; while such actions could be performed, initially, once the data is potentially accessible the laws to legitimize its capture, retention, storage, and processing will almost certainly follow.

Quote

At least Britain sort of got it half right. There, to make life easier for stores selling age-restricted items there’s a “Challenge 21″ programme, so anyone looking 21 or under is asked for ID, even if the products are restricted to over-18s. Tesco and other large chain stores championed a “Challenge 25″ programme just in case someone slipped through the net. Finally some idiot in the seaside resort of Blackpool came up with the idea of “Challenge 30″, which is roundly lambasted across Britain.

But at least these outlets demand high-integrity forms of ID such as driving licences. In the US you can show a picture of your dog pasted on the back of a chocolate biscuit and they’re likely to accept it.

That’s because no-one really knows why they are asking for ID in the first place, and no-one up the chain tells them – mainly because they don’t know either. Everyone just goes through the motions. There’s no way to verify the validity of ID, so everyone just plods along with the security theatre.

Quote

The [intelligence] professionals’ task is therefore to keep judgements anchored to what the intelligence actually reveals (or does not reveal) and keep in check any predisposition of policy-makers to pontificate … of trying to make nasty facts go away by the magical process of emitting loud noises in the opposite direction.

* Sir David Omand, “Reflections on Secret Intelligence”